security-audit

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill is coherent with its stated purpose and does not contain direct download-execute supply-chain patterns or external credential forwarding. However, it legitimately requests and processes high-sensitivity data (.env*, git history) and grants the agent Bash and Task capabilities, which enables arbitrary local command execution and wide file access. Without explicit redaction policies and stricter safeguards, there is a moderate operational risk that the skill could expose or persist secrets. Recommend: add explicit redaction rules (never include raw secret values in reports), restrict Bash usage or require explicit user confirmation for destructive or broad reads, and avoid auto-saving reports containing raw secrets to the repository. LLM verification: The skill is a well-structured design for a deep security audit and legitimately needs access to repository and configuration artifacts. However, it currently lacks essential operational safeguards (redaction, explicit user consent, least-privilege scoping, and trust boundaries for Task recipients). This creates a moderate security risk: if Task recipients are untrusted or external, the skill could facilitate bulk exfiltration of sensitive data (secrets, keys, PII). There is no evidence of embed