get-started

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware HIGH
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)
[HIGH] command_injection: Reference to external script with install/setup context (SC005)

This SKILL.md is documentation/onboarding content and not code that performs hidden malicious actions. It is internally consistent with its purpose and does not request credentials or perform suspicious local operations by itself. The main security concern is the typical risk of advising users to run remote installer scripts piped to a shell and to bulk-install all skills, which increases the chance of executing unreviewed code. Recommend: inspect remote installer scripts before running (curl ... | sh), avoid bulk installing untrusted skills, and prefer reviewing packages from known, signed sources.

LLM verification: The skill fragment is coherent with its stated purpose as an onboarding/documentation piece but contains high-risk installation patterns (pipe-to-shell downloads and external installers) without integrity verification. This exposes users to potential supply-chain risks if external sources are compromised. The footprint is disproportionate given the stated goal of discovery/install guidance, and the data flow via remote installer scripts warrants caution or remediation. Recommend validating insta

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 11:59 AM
Package URL
pkg:socket/skills-sh/jaxzhang-svg%2Fnovita-skills%2Fget-started%2F@7fa01ba98576da44de19e83a8172144cc3f923d8