quality-check
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected
All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
BENIGN with actionable guardrails. The quality-check workflow is standard for CI/CD pipelines. The main improvement lever is to add transparency around auto-fixes (diff logging, review prompts) and a safe-override pathway for exceptional cases, while preserving the zero-error policy before commit.
LLM verification: This skill is functionally a repository-wide, mandatory pre-commit quality gate that auto-invokes linting/formatting tools and requires a clean run before commits. There is no direct malicious code in the skill text itself, but the operational design is risky: it enforces whole-repo runs and auto-fixers, can cause network downloads and execution of third-party toolchain code (npm/go/cargo), and forbids manual alternatives, all of which increase supply-chain and execution risk. I classify it as