help
Audited by Socket on Feb 20, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)

Benign: The content is a legitimate help/orientation document for Pinecone skills with standard setup steps and usage guidance. The only credential-related instruction is exporting an API key into the environment, which is typical for CLI/tool usage and does not involve harvesting or leakage beyond standard practice.

LLM verification: The skill document is inconsistently aligned with secure supply-chain practices due to references to external, remote installer scripts via curl | sh. This presents a potential attack surface if the instructions are followed without verification. Recommend removing or clearly sanitizing install guidance, replacing with verified, signed installers or containerized installation steps, and adding security cautions.