cx-init

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill/spec is functionally consistent with its stated purpose (initializing a local CX workflow). It does not itself show explicit malicious code or network exfiltration. However, it installs and registers local shell hook scripts and configures automatic permission approval behavior, while offering no concrete provenance or integrity checks for the hook script contents or the 'cx-workflow plugin'. Because hooks run arbitrary shell commands in the repository context and PermissionRequest auto-approval reduces user oversight, this introduces a moderate supply-chain risk. Recommendation: treat as SUSPICIOUS — review the actual hook scripts' contents and ensure any plugin sources are authenticated/signed before running; avoid overly broad auto-approve policies. LLM verification: Functionally the skill is coherent: it legitimately needs to write config and status files, update CLAUDE.md, and register hooks to function. However, the installer gives the agent the ability to execute arbitrary shell scripts placed in the repository and to auto-approve permission requests. Because the hook script contents and the plugin source/integrity checks are not provided, this creates a moderate supply-chain and privilege-escalation risk: an attacker who can modify repository files or s