aspire-ts

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] Benign documentation outlining legitimate integration patterns for JS/TS apps with the Aspire AppHost. No executable code or data flows present that would enable abuse. As a guidance artifact, it does not introduce malicious capabilities or credential exposure within its own scope. LLM verification: This SKILL.md is documentation for integrating JS/TS apps with Aspire's AppHost and contains no direct malicious code. Primary security concerns are standard supply-chain risks: unpinned dependency suggestions, executing package manager installs (which run lifecycle scripts), and injection of service credentials into app runtime. These behaviors are expected for the stated purpose but require normal developer hygiene (pin dependencies, vet packages, avoid storing secrets in repo files, use .dock