portpilot-assistant
Audited by Socket on Feb 19, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

Functionally, this skill matches its stated purpose of converting NL to local portpilot CLI commands and enforces confirmations for write operations. However, the one-time sandbox escalation (sandbox_permissions: require_escalated) combined with a prefix_rule that allows running node with a resolved path is a notable risk: if the bundled CLI file can be replaced or the resolved path is under attacker control, granting that escalation would permit arbitrary code execution without further user prompts. The fallback to 'npx -y' increases supply-chain risk because it fetches and runs code from the public npm registry at runtime. Overall the design is plausible and not overtly malicious, but it is suspicious from a supply-chain and privilege-escalation perspective and should require careful review before granting the requested escalation and allowing npx fallback in sensitive environments.

LLM verification: No direct malicious payload is present in the skill text itself. However, there are two concerning patterns:
1) the explicit instruction to request a one-time sandbox escalation with a persistent prefix_rule (social-engineering risk: may grant elevated permissions for future runs without clear limits), and
2) a fallback to npx which downloads and executes code from the public npm registry at runtime (supply-chain risk).
Together these make the skill SUSPICIOUS: acceptable for local port managem