agent-platforms
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The SKILL.md content itself is benign documentation, but it facilitates a supply-chain vector: cloning arbitrary repositories into agent auto-discovery directories without integrity checks or sandboxing. This pattern can enable malicious skills to be installed and executed by agent runtimes, potentially leading to data exposure or arbitrary actions by the agent. Recommend treating third-party skill repositories as untrusted: require code review, pin commits/tags, verify checksums or signatures, prefer vetted registries, run skills in restricted sandboxes or containers, and avoid automatic activation of newly added skills.

LLM verification: This SKILL.md is benign documentation on its face and does not contain executable or obfuscated malicious code. However, it recommends actions (git clone/WebFetch to account-default auto-discovery directories) that create a real supply-chain risk if performed without verification, pinning, or isolation. The document should be updated to include explicit security guidance: verify repository provenance, pin to commit SHAs, prefer local review and testing in isolated environments, use checksums/sig