sast-orchestration

Fail

Audited by Socket on Feb 26, 2026

1 alert found:

Malware: HIGH
SKILL.md

This skill is documentation and orchestration tooling for legitimate SAST workflows. No code in the provided files demonstrates credential harvesting, hidden command-and-control, remote exfiltration, obfuscated payloads, or backdoors. The primary security concerns are supply-chain hygiene and operational hygiene: some examples show unpinned installer commands and silenced errors, which increase risk if an attacker compromises upstream packages or tooling. Overall, it is appropriate for its stated purpose, but operators should harden installs (pin versions, verify integrity) and ensure CI runners and tool outputs are handled securely.

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 26, 2026, 07:59 AM
Package URL: pkg:socket/skills-sh/hardw00t%2Fai-security-arsenal%2Fsast-orchestration%2F@5c8169cd1c74dd585c50316f49a01adcea2c61d4