email-agent

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This SKILL.md appears functionally consistent with its stated purpose (an AtrisOS-backed Gmail agent). I found no direct malicious code or obfuscation inside this document. The primary security concerns are: (1) privacy and trust implications of routing all Gmail access through the third-party AtrisOS service (AtrisOS will hold refresh tokens and email content server-side), and (2) the supply-chain risk of installing the 'atris' npm CLI globally without integrity verification. Those are architectural/trust decisions rather than direct malware. Recommend: only use if you trust AtrisOS operator and vet the 'atris' npm package (review its source, maintainers, and versions), and be cautious with exporting tokens into shell environments. LLM verification: This SKILL.md implements a Gmail integration that routes all email operations and the user's Atris CLI token through a third-party service (api.atris.ai) and suggests installing a third-party global npm package (atris). There is no code-level malware in the provided file (no obfuscation, no eval, no hardcoded secrets), but the architecture creates a notable supply-chain/security risk: user tokens and email content are forwarded to an external domain rather than using direct Google APIs. If the e