start-review

[Skill Scanner] System prompt extraction attempt All findings: [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] The SKILL.md-like file is an orchestration/invocation manifest that aligns with its stated purpose (discover plans and drive a review workflow). It contains no embedded network downloads, hardcoded secrets, or obvious backdoors in the provided text. The primary security concern is that the skill is permitted to run local Bash scripts and invoke other skills (e.g., /migrate, technical-review). Those external scripts/skills are not shown and could perform arbitrary operations including network access or credential use. Before executing, you should inspect .claude/skills/start-review/scripts/discovery.sh, .claude/hooks/workflows/system-check.sh, .claude/hooks/workflows/write-session-state.sh and the /migrate and technical-review skill implementations. If those scripts are trusted and reviewed, this skill is low risk; if untrusted, it is a meaningful supply-chain execution risk. LLM verification: The start-review skill is an instruction-only orchestration file that, by itself, contains no direct malicious code, obfuscated payloads, network endpoints, or hardcoded credentials. However, it mandates executing local artifacts (/migrate and discovery.sh) and enforces a ZERO OUTPUT RULE that was flagged by static scanners as similar to system-prompt extraction attempts. These characteristics centralize and amplify supply-chain risk: a compromised migrate implementation or discovery.sh could re