signoff-flow

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) This skill's stated purpose (guiding signoff workflows via GitHub and Jira) aligns with the requested capabilities, and no active malicious code is present in the instruction text itself. However, the operational instructions require the agent to automatically execute system-install and auth commands (including curl|bash Homebrew bootstrap and package manager installs) without per-install human confirmation in several cases. That automatic execution of network-fetched install scripts and automatic triggering of auth flows is high-risk for an autonomous agent and could lead to accidental system changes, credential exposure, or abuse if the agent is compromised or the installer sources are tampered with. Verdict: SUSPICIOUS — capability set is coherent with purpose but the auto-exec install behavior and broad system access are risky and should be constrained: require explicit per-install confirmation, avoid automatic curl|bash installs, and limit scope of repository/organization operations. LLM verification: The skill's stated purpose matches the capabilities requested (GitHub and Jira CLIs, repo cloning, file creation, PRs/tickets). However, the instruction to automatically execute installers and certain auth commands (including running a remote Homebrew install script via curl) without explicit, step-by-step, user-initiated consent is a risky operational design. There is no direct evidence of code that exfiltrates data or contains obfuscated/malicious payloads, so malware probability is low. But t