code-review
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

BENIGN: The code-review skill/document is a coherent, purpose-aligned governance guide for rigorous code review workflows. It does not perform data processing, read inputs, or exfiltrate data. Its footprint is a formal process specification suitable for integration into a larger tooling suite. No suspicious data flows or credential handling are apparent.

LLM verification: The skill is functionally benign in isolation and appropriately prescriptive for rigorous code reviews and verification gates. The primary security concern is operational: the document instructs collecting repository metadata (changed files, SHAs, test outputs) and dispatching them to a code-reviewer subagent via a Task tool without specifying trust boundaries, authentication, encryption, redaction, or retention policies. This ambiguity could lead to leakage of sensitive repository content if th