cache-strategy
Audited by Socket on Feb 21, 2026
1 alert found:
Malware
[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

No clear malicious behavior detected. This skill is an instructional/configuration document describing legitimate caching strategies and includes audit commands and example code for HTTP headers, service workers, memoization, and Redis caching. It does not perform network exfiltration, remote code execution, or download-execute supply-chain actions. Primary risks are: (1) naive Redis client example without explicit configuration or auth (could connect to unintended Redis instances if copied verbatim), and (2) mention of storing authentication tokens in localStorage (a known insecure pattern) — these are implementation risks that should be fixed by following secure deployment practices. Recommend reviewers ensure any copied examples are hardened (explicit Redis configuration and auth, avoid storing sensitive tokens in localStorage, validate cache invalidation) before use.

LLM verification: This skill is functionally consistent with its stated purpose (caching strategies and templates). It does not contain confirmed malware or remote exfiltration behavior. However, it contains operationally dangerous instructions (rm -rf, redis-cli FLUSHDB), recommends patterns that can lead to credential exposure (storing auth tokens in localStorage, global caching middleware that may cache private responses), and omits explicit secure-connection guidance for Redis. Treat this as a moderate-risk u