github-project-analyzer
Audited by Socket on Feb 17, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

The skill's stated purpose (automated GitHub project analysis) matches its capabilities (cloning, installing, running tests, analyzing files). The document is not itself malicious, but it is operationally high-risk: it runs untrusted code and dependency install/test steps that can execute arbitrary commands and contact external network endpoints. The skill lacks explicit, enforceable runtime mitigations (sandboxing, network egress restrictions, lifecycle script blocking, dependency integrity checks), so deploying it without strong containment could lead to credential leakage or code execution by malicious repos or dependencies.

Recommend treating this skill as suspicious in operational contexts: require isolated ephemeral environments (containers/VMs with no secrets), block lifecycle scripts or validate them, restrict egress, and avoid using host credentials (GH_TOKEN, SSH agent, AWS keys) during analysis.

LLM verification: This Skill is functionally consistent (it needs to clone repos, install dependencies, run tests and examples). However, it instructs executing arbitrary third-party code and installing arbitrary dependencies on the host without documenting sandboxing, provenance checks, or protections against credential leakage. That operational capability is a common supply-chain risk: a malicious repository could include postinstall/test scripts that exfiltrate secrets, execute reverse shells, or modify the sy