literature-review

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:

- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

BENIGN: The skill is coherently aligned with its literature-review purpose, employs trusted data sources and tooling, maintains proportional access (no secret credentials, standard APIs), and ensures data integrity through citation verification and reproducible outputs. The only minor anomaly is the enforced AI-generated schematics requirement, which is a documented feature rather than a hidden capability. Overall, the footprint is consistent with the stated purpose and is not evidently malicious or oversized in scope.

LLM verification: The skill's stated purpose (systematic literature review with generated schematics) is consistent with most capabilities described, but there are supply-chain and data-flow concerns: missing metadata/YAML frontmatter (obscures permissions), a mandatory callout to an external schematics service (science-schematics / 'Nano Banana Pro') that could receive potentially sensitive content, encouragement of Google Scholar scraping, and unpinned installer commands. These are security and privacy risks ra

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 10:14 AM
Package URL
pkg:socket/skills-sh/jimmc414%2Fkosmos%2Fliterature-review%2F@a14542f03851d9fbc3cd63ef8961e693edd3262a