start-specification
Audited by Socket on Feb 22, 2026
1 alert found:
Malware
[Skill Scanner] System prompt extraction attempt

All findings:
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]

The skill fragment is coherently aligned with its stated purpose of refining discussions into standalone specs. It uses controlled, script-driven discovery and conditional routing to display appropriate state guidance. There are no evident malicious actions, credential handling, or outbound network behavior inherent to the fragment itself. The main risk stems from the trustworthiness of the external discovery script and referenced Markdown guidance, not from the fragment’s own logic.

LLM verification: This SKILL.md appears to implement a legitimate-sounding workflow for starting a specification session, but it contains multiple high-risk control patterns: a ZERO OUTPUT RULE (prompt-injection style), a mandatory /migrate step, and a forced execution of a repository shell script for discovery. Those elements are disproportionate to the stated task and reduce operator visibility, creating a supply-chain and prompt-injection risk. I do not find explicit malware (no obfuscated code or known exfilt