citation-management

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] No malicious intent found in the provided skill manifest. Features (reading .tex/.bib, querying Semantic Scholar, writing candidate entries, and inserting \cite{}) align with the stated purpose. Main operational risks are: (1) automated edits to source files — run with --dry-run and review changes; (2) storing API keys in plaintext in local files referenced by examples. Because the actual code of the scripts is not included, final trust depends on auditing those local Python scripts before execution. LLM verification: Functionally, the skill performs legitimate citation-management operations that require local file access and network calls to a citation API. The main security issues are insecure secret handling (passing API keys on the command line), potential for large-scale autonomous file modifications without clear transaction/backup/confirmation semantics, and possible insertion of unsanitized external content into .bib/.tex (LaTeX injection risk). There is no explicit evidence of malware in the reviewed