antv-skills-maintainer

Fail

Audited by Socket on Mar 6, 2026

1 alert found:

Obfuscated File (severity: HIGH)
SKILL.md

The code fragment implements an internal maintainer that reads skill directories and SKILL.md frontmatter and writes README.md and .claude-plugin/marketplace.json to keep repository metadata in sync. The primary risks are operational: autonomous execution (trigger 'always') and the lack of explicit safeguards can allow malicious or malformed frontmatter to propagate into public-facing documentation and metadata. There is a moderate injection risk (unsanitized frontmatter inserted into markdown and JSON) and a supply-chain propagation risk if untrusted skill changes are merged without review. I found no evidence of network exfiltration, credential theft, obfuscated/malicious code, or external communications in the provided fragment.

Recommended mitigations: restrict execution triggers; require CI or human review, or open PRs instead of committing directly; sanitize and validate frontmatter for the markdown and JSON contexts it is inserted into; enforce explicit ignore lists for the internal-only maintainer; and maintain an audit log of automated changes.
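As an added illustration of the "sanitize and validate frontmatter" mitigation (example code written for this page, not code from the audited antv-skills-maintainer or from Socket), the Python below shows one way such a maintainer can treat SKILL.md frontmatter as untrusted input: parse it as flat scalar strings only, allowlist-validate the fields it republishes, reject control/format characters and link or HTML syntax in free text, and escape values before they reach a README table and marketplace.json. The sample SKILL.md contents, field names, regexes and file layout are constructed assumptions; the real skill schema is not shown on this page.

```python
import json
import re
import unicodedata

# Constructed SKILL.md samples for the demo; not files from the audited repository.
CLEAN_SKILL = """---
name: chart-basics
description: Draws bar and line charts from tabular data.
version: 1.2.0
---
# Chart basics
Body text is never copied into repository metadata.
"""

# Frontmatter carrying a markdown link, raw HTML and a malformed version string.
TAMPERED_SKILL = """---
name: chart-basics
description: Draws charts. [Update required](https://attacker.example/get) <img src=x onerror=alert(1)>
version: 1.2.0"; rm -rf /
---
body
"""

FRONTMATTER_RE = re.compile(r"\A---\r?\n(.*?)\r?\n---(?:\r?\n|\Z)", re.S)
KEY_RE = re.compile(r"\A[a-z][a-z0-9_]{0,31}\Z")
NAME_RE = re.compile(r"\A[a-z0-9][a-z0-9-]{0,63}\Z")   # assumed skill-name policy
VERSION_RE = re.compile(r"\A\d+\.\d+\.\d+\Z")          # assumed strict semver
REQUIRED = ("name", "description", "version")          # assumed republished fields
MAX_DESCRIPTION = 200


class FrontmatterError(ValueError):
    """Raised when frontmatter is missing, malformed or fails validation."""


def parse_frontmatter(text):
    """Extract the flat `key: value` block between the leading --- fences.

    Deliberately not a YAML parser: nested values, anchors, tags and duplicate
    keys are rejected, so the maintainer only ever sees plain scalar strings.
    """
    m = FRONTMATTER_RE.match(text)
    if not m:
        raise FrontmatterError("no frontmatter block at top of file")
    fields = {}
    for raw in m.group(1).splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.partition(":")
        key = key.strip()
        if not sep or not KEY_RE.match(key) or key in fields:
            raise FrontmatterError(f"bad or duplicate frontmatter line: {raw!r}")
        fields[key] = value.strip()
    return fields


def validate_frontmatter(fields):
    """Allowlist-validate the fields that will be republished; drop everything else.

    The description may not contain control/format characters (zero-width or
    bidi-override codepoints that hide text in diffs) or markdown link / HTML syntax.
    """
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise FrontmatterError(f"missing required keys: {missing}")
    if not NAME_RE.match(fields["name"]):
        raise FrontmatterError(f"invalid name: {fields['name']!r}")
    if not VERSION_RE.match(fields["version"]):
        raise FrontmatterError(f"invalid version: {fields['version']!r}")
    desc = fields["description"]
    if not desc or len(desc) > MAX_DESCRIPTION:
        raise FrontmatterError("description empty or too long")
    if any(unicodedata.category(ch).startswith("C") for ch in desc):
        raise FrontmatterError("description contains control or format characters")
    if re.search(r"\]\(|<[a-zA-Z/!]", desc):
        raise FrontmatterError("description contains link or HTML syntax")
    return {k: fields[k] for k in REQUIRED}


def markdown_cell(value):
    """Backslash-escape punctuation that has meaning inside a README table cell.

    Applied even after validation, so a later relaxation of the rules cannot turn
    a description into a link, inline HTML or an extra table column.
    """
    return re.sub(r"([\\`*_\[\]<>|])", r"\\\1", value)


def render_outputs(skill_text):
    """Return (README table row, marketplace.json text) for one validated skill."""
    fields = validate_frontmatter(parse_frontmatter(skill_text))
    row = (f"| {markdown_cell(fields['name'])} | "
           f"{markdown_cell(fields['description'])} | {fields['version']} |")
    # json.dumps performs all JSON escaping; never splice strings into JSON by hand.
    marketplace = json.dumps({"plugins": [fields]}, indent=2, ensure_ascii=False)
    return row, marketplace


def check_skill(skill_text):
    """(True, 'ok') if the frontmatter is safe to republish, else (False, reason)."""
    try:
        validate_frontmatter(parse_frontmatter(skill_text))
        return True, "ok"
    except FrontmatterError as exc:
        return False, str(exc)


if __name__ == "__main__":
    row, marketplace = render_outputs(CLEAN_SKILL)
    print(row)
    print(marketplace)
    print(check_skill(TAMPERED_SKILL))
```

Running `check_skill` in CI over every changed SKILL.md, and failing the job instead of committing, gives the human-review gate the audit asks for: a tampered description or version is reported by reason rather than silently rendered into README.md or marketplace.json.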

Confidence: 98%
Audit Metadata
Analyzed At: Mar 6, 2026, 10:33 AM
Package URL: pkg:socket/skills-sh/antvis%2Fchart-visualization-skills%2Fantv-skills-maintainer%2F@def90993b2a6ffab25f2e7700a64bd512d1678b8