google-bigquery

Warn

Audited by Socket on Feb 20, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Functionally the skill documentation is coherent: it describes a managed BigQuery gateway that requires a MATON_API_KEY and uses Maton endpoints to handle OAuth and proxy BigQuery API calls. There is no evidence of code-level obfuscation or direct malware in the provided text. However, the design centralizes user queries, OAuth tokens, and API calls through Maton-controlled endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai). That centralization is a supply-chain/trust risk: a malicious or compromised Maton service could capture OAuth tokens, API keys, queries, and query results. If you do not fully trust Maton, or if your threat model forbids third-party intermediaries having access to your BigQuery data or tokens, treat this skill as suspicious and avoid using it. Otherwise, if Maton is trusted and audited, the capability matches its claimed purpose.

LLM verification: The SKILL.md content documents a legitimate-seeming BigQuery skill that intentionally routes BigQuery API calls and OAuth flows through a third-party managed gateway (Maton). There is no direct evidence of malware or obfuscated/backdoor code in the provided fragment; it is documentation and examples. However, the choice to proxy all traffic and OAuth tokens through maton.ai (instead of calling Google APIs directly) concentrates sensitive credentials and data in that third-party service. That de

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Feb 20, 2026, 12:35 PM
Package URL
pkg:socket/skills-sh/openclaw%2Fskills%2Fgoogle-bigquery%2F@bda8de0fc04c0093abb93ad559293f719fdcfa0a