foundry

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

SUSPICIOUS: The Foundry skill's stated purpose of generating and installing code (including self-modification) is coherent with its capabilities, but that exact capability is high-risk for a skill. The manifest shows it will fetch from and publish to external services (npm, GitHub, arXiv, and a Foundry marketplace), write extensions to disk, and can learn/expand over time. While the doc lists blocking of dangerous APIs and sandboxing/review, those protections are described but not verifiable in this file. Because self-modifying code generators can be abused to introduce backdoors or exfiltrate data (especially if marketplace or publishing flows are compromised), this skill should be treated with caution: require strong, enforceable sandboxing, explicit user approvals for any code-writing actions, and auditing of any network submissions to the marketplace. No direct signs of encoded malware or hardcoded secrets were found in the provided text.

LLM verification: The Foundry fragment presents a powerful, dual-use meta-extension capable of self-modification and artifact generation. While documentation and security stances exist, the breadth of capabilities implies elevated risk in supply-chain contexts. Recommend strict runtime sandboxing, explicit user consent for self-modification, non-destructive dry-run workflows, comprehensive auditing of generated code, and restricted disk/network access. The current documentation is informative but warrants stronge

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 16, 2026, 01:58 AM
Package URL: pkg:socket/skills-sh/lekt9%2Fopenclaw-foundry%2Ffoundry%2F@98cb08e33d1619f1a287835c880c0768c0f515f1