schema-validate
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected
The skill fragment is internally coherent with its stated purpose of multi-ORM schema validation and drift detection. It uses standard, expected toolchains (npx, npm, manage.py, Alembic, etc.) and writes its outputs to local, project-scoped locations. There are no evident malicious data flows or credential handling. The primary risk surface is reliance on external CLIs and potential schema/migration changes, but these are consistent with the tool’s core function rather than malicious behavior.
LLM verification: This skill appears to be a legitimate schema validation/drift-detection tool: its capabilities align with its stated purpose and there is no direct evidence of data exfiltration, obfuscated payloads, or hardcoded attacker endpoints. The primary security concern is supply-chain risk: use of npx/npm/pip and unpinned installer suggestions allows remote code to be fetched and executed at run-time, and project npm scripts or CLIs could have side effects depending on the repository. Persisted cache/lo