analyze-repo
Audited by Socket on Feb 17, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The specification defines a coherent, benign tool for enterprise-grade repository analysis with layered reporting and executable remediation guidance. While the approach is sound, implementers must enforce access controls for private repos and ensure redaction/policy controls for sensitive project structure in shared reports.

LLM verification: The provided SKILL.md describes a legitimate, powerful repository-analysis capability that necessarily reads sensitive artifacts (.env, keys, credentials) to produce evidence-backed reports. There is no direct evidence of malware in the documentation itself, but the specification omits required data-protection controls (redaction, retention, local-only guarantees), which means an implementation could easily become a vehicle for credential exfiltration or leakage if misconfigured or malicious. Re