uniwind
Audited by Socket on Feb 23, 2026
1 alert found:
Malware [Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill defers behavior to remote content fetched at runtime (AU005) [AITech 1.2]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This Uniwind skill document is a benign documentation/diagnostic guide. It requests only project configuration files and suggests installing expected dependencies and running normal native build commands for Uniwind Pro. There are no indicators of credential harvesting, download-and-execute attacks, or obfuscated malicious code in the provided content. The primary residual risk is standard supply-chain exposure when adding native modules (uniwind-pro and its native dependencies) — treat such native installs with normal vetting (check package sources, lockfiles, and native dependency provenance).

LLM verification: The provided SKILL.md is documentation-only and appears benign. It offers comprehensive setup and audit guidance for Uniwind and flags common misconfigurations. No explicit malicious code, obfuscation, or automated data-exfiltration behavior is present in the fragment. Main concerns are: (1) supply-chain risk from deferring authoritative guidance to an external docs URL, and (2) operational risk when advising package manager trust/whitelist changes or running native build commands without verify