gastown
Audited by Socket on Feb 15, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

No evidence of intentional malware in the SKILL.md content itself. The skill is an operational orchestration instruction set that legitimately requires running CLI commands, installing software from GitHub, and reading local reference files.

Primary risks are operational: the skill centralizes powerful shell execution in the agent (the agent runs gt/bd and install commands on behalf of the user) and suggests fetching and executing code from GitHub without explicit integrity verification. That design is coherent with the skill's purpose but increases the attack surface: if the remote repository or fetched artifacts are compromised, or if the agent is allowed to run commands without explicit, contextual human approval, sensitive data or credentials could be exposed or destructive commands executed.

Recommendation: treat this skill as high-privilege: require explicit human approval for installs, limit agent shell permissions, verify remote artifacts (signatures or pinned commits), and audit any automatic merges or writes to repositories.

Overall verdict: no direct malicious code found in the provided skill text, but moderate security risk due to automated execution of remote code and system-level operations.

LLM verification: No direct malicious code is present in this manifest text, but the skill introduces meaningful supply-chain and operational security risks: unpinned `go install ...@latest` instructions and an explicit design that centralizes shell authority in the agent. These increase the chance that compromised remote repositories or malicious versions of gt/bd could be fetched and executed automatically, enabling data exfiltration or system modification.
Mitigations: pin versions/commits, require human appro