pkgmgr-homebrew-formula-dev

Fail

Audited by Socket on Feb 22, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

This is a documentation and tooling guide for Homebrew formula development. It describes local template generation, validation, testing, and a standard method to compute SHA256 of source tarballs (via curl -> shasum). There is no evidence of malicious behavior, credential harvesting, or hidden network proxies. The only supply-chain consideration is that automated downloading of many tarballs (batch SHA computation) increases exposure to upstream sources if performed unverified; authors should verify checksum sources and avoid piping downloads directly into execution. Otherwise the content is coherent with its stated purpose.

LLM verification: The repository content is a legitimate Homebrew formula authoring skill and template pipeline. It contains documentation examples that normalize high-risk supply-chain operations (notably pipe-to-shell and installing unverified prebuilt binaries). There is no evidence of intentional obfuscation, embedded backdoors, or direct exfiltration code in the provided files. The principal concern is operational: following the examples without additional verification increases the chance of executing malic

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 22, 2026, 05:41 AM
Package URL: pkg:socket/skills-sh/arustydev%2Fai%2Fpkgmgr-homebrew-formula-dev%2F@3d719734a47a45654611b41d4b967acf70e2eda9