nav-init

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The skill's declared behavior (creating .agent structure, copying templates, and installing token-monitoring hooks) is consistent with the operations described. However, it writes a PostToolUse hook that executes a plugin-provided Python script referenced via ${CLAUDE_PLUGIN_DIR}, and it copies templates from ${HOME}/.claude/plugins/... without integrity checks. These patterns create a supply-chain / local-trust risk: if plugin files or the plugin directory are compromised, arbitrary code will be executed frequently (after tool calls), and docker-compose files could run untrusted containers. I rate this as suspicious but not clearly malicious based on the provided code: it matches its stated purpose but includes execution of external plugin code and reliance on user-writable plugin paths, which is a moderate security concern. Recommend: require integrity/signing of plugin files, restrict hook execution to verified code, and document that templates are only taken from trusted plugin installs. LLM verification: The skill's declared purpose and most capabilities are coherent and expected for a project-initialization tool. The primary concern is the installation of a PostToolUse hook that executes a python script located in a plugin directory outside the project; because that script's content is not included here, it creates a significant trust dependency. If the plugin directory or monitor-tokens.py are compromised or controlled by an attacker, the hook provides local arbitrary code execution triggered