gha-security-review
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The document contains numerous explicit, actionable exploitation examples (curl|bash payloads, token exfiltration commands, backdoor init()/preinstall hooks, branch/filename expression injection payloads, unpinned-action supply-chain exploits, and artifact/cache poisoning). These are dual-use, but they provide concrete malicious payloads and step-by-step PoC scenarios that could be directly abused for credential theft, RCE, persistence, and supply-chain compromise.
Audit Metadata