idempiere-2pack
Audited by Socket on Feb 24, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The fragment is a coherent, purpose-aligned skill description for managing iDempiere 2Pack Pack In/Out processes. It does not contain executable code, credential requests, or external data flows. It is appropriately scoped and should be considered BENIGN with low security risk, given its descriptive nature and references to internal materials.

LLM verification: The instruction file itself is not malicious and matches its declared purpose. However, it documents operations (automatic pack-in, execution of SQL and shell handlers, OSGi activators) that are high-risk if package artifacts or plugin bundles are untrusted. No direct indicators of malware or credential exfiltration were found in the text reviewed, but the absence of explicit provenance and runtime safeguards is a security gap. I recommend enforcing signing/checksums, restricting monitored direc