start-discussion

[Skill Scanner] System prompt extraction attempt All findings: [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] The manifest itself is not overtly malicious: it describes a plausible workflow that uses repository-local bash scripts to discover project research/discussion files and save session state. There are no hardcoded credentials, external download URLs, or obvious exploit code in the provided content. However, the manifest grants execution rights to several repository-local shell scripts and includes a ZERO OUTPUT RULE plus disabled model invocation — this combination increases risk because those scripts could read sensitive project files or perform network exfiltration without visible agent output. Without reviewing the referenced scripts (discovery.sh, system-check.sh, write-session-state.sh, and others), it is not possible to rule out credential harvesting or exfiltration. I assess this manifest as suspicious/medium-risk: acceptable for trusted, internal repositories but risky if the repository or its scripts are untrusted or if third parties can modify them. LLM verification: The SKILL.md itself is not overtly malicious but contains risky patterns: a strong 'ZERO OUTPUT' directive combined with mandatory execution of local shell scripts and delegation to other skills. These create a moderate supply-chain risk — if the referenced scripts or invoked skills are compromised they could execute arbitrary commands or exfiltrate data while intermediate outputs are suppressed. Recommend manual inspection and integrity verification of discovery.sh, write-session-state.sh, /mig