simple-skills-manager
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]

Best report is selected as a solid blueprint with clear backup and per-group management; however, it requires hardening around path leakage in generated tips, Git credentials handling, and stronger provenance controls to be production-ready. The approach is largely benign with manageable risk, assuming proper access controls and accurate manifests.

LLM verification: Functionally, this skill is coherent with its purpose: it clones or records local paths, scans for SKILL.md files, backs up current skills, removes existing tips for a group, and writes new skill-tip directories. The design includes reasonable safeguards (backup before changes, group-name validation) but uses repeated destructive commands (rm -rf) and allows cloning arbitrary git URLs supplied by the user. The primary risks are (1) destructive filesystem operations if skill or group name sanitiz