self-integration

Fail

Audited by Socket on Feb 19, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill is an integration proxy that routes all integration work through the Membrane API. The YAML/markdown content itself contains no hidden obfuscation or code that directly performs malicious actions. However, it requires a high-privilege credential (MEMBRANE_TOKEN) that can create connections and run actions across many external services; all data (prompts, action inputs, and external app credentials obtained via OAuth) flows to Membrane rather than directly to official third-party APIs. That centralization is a legitimate design but represents a significant trust and attack surface: if the token is compromised or if Membrane is malicious/compromised, an attacker could enumerate or control connected apps and exfiltrate data.

Verdict: BE CAUTIOUS / SUSPICIOUS — the skill itself is functionally consistent with its purpose, but use only if you trust Membrane and properly scope/rotate the token and monitor actions.

LLM verification: Functionally the skill is coherent: it documents using a central Membrane API to create connectors, request user authentication, and run actions against external services. There is no direct evidence of obfuscated malware or code-level backdoors in the provided manifest. However, because the skill routes all authentication and action execution through a third-party gateway (Membrane), it requires high trust in that provider; the Membrane token grants potentially broad access. The documentation a

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 19, 2026, 11:23 PM
Package URL: pkg:socket/skills-sh/membranehq%2Fagent-skills%2Fself-integration%2F@abbd209d6845eca003a9eb5245b78ef25e132da6