flow-next-plan-review

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This SKILL.md describes an orchestration tool that legitimately coordinates plan reviews and automates reviewer interactions via a bundled flowctl. There is no explicit obfuscated or obviously malicious code in the fragment. However, the automatic 'fix loop' that applies changes and re-runs reviews without user confirmation is a dangerous, high-privilege behavior and out-of-band write capability: it can modify repo artifacts automatically and will forward repo content to backends via a black-box flowctl. Because of that governance and supply-chain risk (bundled flowctl + unspecified endpoints + automatic writes), I classify this skill as SUSPICIOUS for supply-chain use without additional controls (reviewer approval, auditable dry-runs, explicit allowed file lists, and explicit backend verification). Recommend requiring human approval before writes, limiting scope of files that can be auto-modified, and auditing/verifying the bundled flowctl binary and the backends it communicates with before trusting this skill in sensitive repos. LLM verification: The skill/document appears coherent with its stated purpose: to coordinate and perform epic plan reviews via sanctioned backends, with explicit controls, session receipts, and iterative fix loops. The presence of multiple backends and procedural steps is appropriate for its intended governance function. There is no evident malicious payload, credential harvesting, or data exfiltration within the fragment itself. The main concerns are operational: dependency on bundled flowctl tooling and potenti