extension-guide-v2

Fail

Audited by Socket on Feb 23, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]

BENIGN: The provided fragment is a coherent, self-consistent development guide for Sindri V2 extensions. There are no active code paths, credential reads, or network exfiltration patterns present in the text. The described install methods and registry/documentation processes are standard for extension ecosystems and do not by themselves introduce malicious behavior. Security risk is low in isolation, though normal supply-chain diligence should be applied when implementing real extensions (validate schemas, pin sources, review registry entries).

LLM verification: The file is a legitimate developer guide for Sindri V2 extensions and does not contain active malware or hardcoded secrets. However, the schema and examples permit high-risk supply-chain operations (arbitrary shell/script execution, unpinned remote downloads, adding apt repos, unpinned npx execution, and forwarding env vars). These capabilities are appropriate for installing developer tools but present a moderate-to-high supply-chain risk if extensions or the registry are not tightly controlled.

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 23, 2026, 02:57 PM
Package URL
pkg:socket/skills-sh/pacphi%2Fsindri%2Fextension-guide-v2%2F@4fc057a37a5cbfc3fad781151ca0c2fa7bc484bf