jb-beans
Audited by Socket on Feb 22, 2026
1 alert found:
Malware
[Skill Scanner] Instruction to copy/paste content into terminal detected

All findings:
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

No evidence of embedded malware or obfuscated malicious code in the provided source/integration snippet. The main security concern is data leakage: the OpenCode plugin and README encourage automatically capturing and injecting raw project context (via 'beans prime') into AI agent system prompts or persistent context files, which can cause sensitive repository content to be exposed to external LLM providers or made public via commits. This is a security risk by design rather than malicious code. Recommend adding explicit sanitization, user prompts/consent before including prime output, and caution around committing or persisting bean contents.

LLM verification: This skill's documentation and integration snippets are functionally consistent with the stated purpose (providing a flat-file issue tracker and feeding its context into AI agents). However there are notable supply-chain and data-leakage risks: unpinned installs (go/brew) increase supply-chain risk, and the integration plugin automatically injects the raw output of `beans prime` into agent/system prompts and session contexts with no sanitization. That creates a clear avenue for accidental leakag