scientific-schematics
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

The analyzed fragment presents a coherent, low-risk, API-assisted workflow for generating high-quality diagrams with iterative QA. The design favors clarity, reproducibility, and publication readiness, with standard credential handling via environment variables and explicit storage of outputs and logs. Overall, the approach is sound for its intended purpose, with manageable external dependencies and clearly defined data flows.

LLM verification: The provided SKILL.md is a functional, documentation-first description of a diagram-generation skill that legitimately relies on external AI services. I found no definitive signs of malware or intentional obfuscation in the provided content. The primary security concern is supply-chain and data-exfiltration risk arising from sending user prompts and API keys to third-party AI endpoints whose exact addresses and privacy/retention policies are not documented in this file. Before trusting this skil