zoho-crm

Fail

Audited by Socket on Feb 19, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:

[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill is a documentation-only AI agent skill that proxies Zoho CRM calls through Maton-managed endpoints and requires a MATON_API_KEY. There is no code or obfuscation present that indicates active malware in the provided document. The main risk is architectural: all CRM data, request parameters, and OAuth tokens flow through Maton's infrastructure (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai). That behaviour is consistent with a managed OAuth gateway but concentrates sensitive data and credentials under Maton's control — acceptable only if you trust Maton. No hardcoded secrets or active malicious constructs were found in the provided content.

LLM verification: No evidence of code-level malware or obfuscation in the provided documentation. The primary security finding is a high-impact trust boundary: Maton (gateway.maton.ai / ctrl.maton.ai / connect.maton.ai) becomes the central custodian of MATON_API_KEY and OAuth tokens and therefore can read, modify, or exfiltrate CRM data. This is a supply-chain/trust risk rather than an in-document malware implant. Recommend verifying Maton’s security practices, avoiding session tokens in URLs, enforcing least pri

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 19, 2026, 01:53 AM

Package URL: pkg:socket/skills-sh/openclaw%2Fskills%2Fzoho-crm%2F@6fae97435570fb9aa58df534b92d79bf0c3b6b12