ck-help

[Skill Scanner] Instruction directing agent to run/execute external content All findings: [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] BENIGN: The fragment describes a user-facing tooling workflow for running an external script and formatting its output based on a marker. The capabilities (translate inputs, run ck-help.py, detect output type, present output with enhancements) are coherent with a legitimate usage pattern for an AI agent skill describing ClaudeKit guidance. There is no evident data exfiltration, credential access, or malicious data flow within the fragment itself. However, risk hinges on the provenance and integrity of the external ck-help.py script; if that script is untrusted, it could introduce security concerns when executed with user-provided input. LLM verification: SKILL.md itself is not clearly malicious: it documents running a local helper script (ck-help.py) and how to present its output. However, design choices create a meaningful supply-chain and leakage risk: mandatory verbatim disclosure of script output and automatic translation of user input can expose secrets if the script reads or prints them, and there is no limit on network interactions the script might perform. Before permitting execution in a production or sensitive environment, review the c