git-bisect
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

This skill is functionally coherent with its stated purpose: it automates git bisect by generating and running test scripts, validating them against known good/bad commits, and producing analysis files. There is no direct indicator of malicious intent in the provided code. However, it inherently executes repository code and dependency lifecycle scripts (npm install, build, tests), and writes/executes generated scripts in the repository. Those behaviors are legitimate for a bisect tool but constitute a supply-chain/execution risk if the repository or its dependencies are untrusted or if an attacker can influence test scripts.

Recommend: only run in repositories you trust, ensure the working tree is clean/stashed before running, audit generated test scripts and package.json lifecycle scripts before automated execution, and consider running in an isolated environment or CI runner with least privilege.

LLM verification: This skill's functionality is coherent with its stated purpose, but it presents non-trivial supply-chain and code-execution risks. The core risks come from downloading and executing third-party packages (npm install), and from running test/build scripts checked out from historical commits (running untrusted code). There is no sandboxing, pinning of dependencies, or checksum verification described. These behaviors are expected for automated bisect workflows but are high-risk in environments where