github-evidence-kit
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Analysis: The documented skill is coherent with its stated purpose (forensic evidence collection and verification). There are no explicit signs of malware or obfuscation in the provided documentation. The primary risks are legitimate but sensitive capabilities: reading full local git history (including dangling commits and reflogs), requiring GCP BigQuery credentials (including support for placing JSON credentials in an environment variable), and storing/exporting IOCs that can include API keys or other secrets. These behaviors warrant caution and proper operational controls: restrict where the tool is run, protect evidence exports, and avoid placing long-lived credentials in environment variables, which are easily leaked (via process listings, crash dumps, or child processes). Overall: functionality aligns with purpose and is not malicious, but it carries moderate security risk if misused or misconfigured.

LLM verification: The skill's stated purpose and capabilities are coherent and appropriate for forensic evidence collection from GitHub, GH Archive, the Wayback Machine, and local git. The primary risks are operational: handling of sensitive repository history (dangling commits, reflog), proper protection of GH Archive/BigQuery credentials, and safe storage of exported evidence. The static scanner flags for 'pip install' in the docs merit inspection of the actual install commands and referenced packages to ensure trusted
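The audit's concrete recommendation is to protect evidence exports because recovered git history often contains live credentials. One way to do that without losing the IOC is to replace each secret-looking value with a fingerprint (a SHA-256 prefix) before the export is written, so analysts can still match the token later without the raw secret sitting in the evidence store. The following is an added illustration written for this page; it is not code from github-evidence-kit or from Socket. The token patterns, the export structure and the sample commit data are assumptions constructed for the example.

```python
"""Redact secret-looking strings in a forensic IOC export before storing it.

Each match is replaced by <redacted:KIND:FINGERPRINT>, where FINGERPRINT is the
first 16 hex chars of sha256(secret). The fingerprint is stable, so the same
credential seen again in another repository can still be correlated, while the
export itself no longer contains a usable token.
"""
import hashlib
import re

# Assumed patterns for illustration only; extend this table for your own estate.
SECRET_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
}


def fingerprint(secret: str) -> str:
    """Short, stable identifier for a secret that does not reveal it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:16]


def redact_text(text: str, findings: list) -> str:
    """Replace every pattern match in one string; record what was found."""
    for kind, pattern in SECRET_PATTERNS.items():
        def _sub(match, kind=kind):
            fp = fingerprint(match.group(0))
            findings.append({"kind": kind, "fingerprint": fp})
            return f"<redacted:{kind}:{fp}>"
        text = pattern.sub(_sub, text)
    return text


def redact_export(export):
    """Walk a JSON-like export (dicts, lists, strings) and redact every string.

    Returns (redacted_copy, findings). The input is not modified.
    """
    findings = []

    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        if isinstance(node, str):
            return redact_text(node, findings)
        return node

    return walk(export), findings


# Constructed sample: a dangling commit recovered from a reflog whose diff leaked
# a GitHub PAT, plus a config blob carrying AWS's documented example key ID.
SAMPLE_EXPORT = {
    "repo": "example/app",
    "commits": [
        {
            "sha": "0000000000000000000000000000000000000000",
            "source": "reflog (dangling)",
            "diff": "+GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
        }
    ],
    "artifacts": ['{"aws_access_key_id": "AKIAIOSFODNN7EXAMPLE"}'],
    "notes": "no secrets here",
}


if __name__ == "__main__":
    redacted, found = redact_export(SAMPLE_EXPORT)
    for f in found:
        print(f"{f['kind']}: {f['fingerprint']}")
    print(redacted["commits"][0]["diff"])
```

Run the redaction as the last step before the export leaves the analysis host, and keep the findings list (kind plus fingerprint) in the case notes: that is enough to recognise the same credential in a later case, and to tell the owning team which token class to rotate, without ever copying the token itself into storage.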