vulnerability-scanning

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
  [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
  [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]

The code fragment serves as a broad, instruction-focused guide for vulnerability scanning across multiple tools with CI/CD and compliance context. It is largely benign as documentation but contains insecure patterns (default credentials, disabled TLS verification, embedded keys) that render it unsuitable for direct production deployment. An improved version should redact secrets, enable TLS verification, implement secret management, and apply least-privilege principles, along with clear guidance on input validation and secure credential handling.

LLM verification: This skill is functionally consistent with its stated purpose (vulnerability scanning) and contains standard instructions for using OpenVAS, Nessus, and Nuclei. No explicit malicious code or backdoor behavior is present in the provided text. However, there are several security concerns: TLS verification is disabled in the Nessus API example, default credentials are suggested for OpenVAS, and install instructions use unpinned/up-to-date pulls (go install @latest, wget of latest release) without c

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 16, 2026, 01:10 PM
Package URL: pkg:socket/skills-sh/bagelhole%2Fdevops-security-agent-skills%2Fvulnerability-scanning%2F@47ccf76f34c5814c1a2c301c3b881452d6164de6