flow-nexus-platform

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's documentation and APIs are coherent with a platform-management purpose but expose high-risk capabilities: arbitrary code execution in sandboxes, acceptance and storage of sensitive secrets, template publishing of raw source code, and automation via an AI assistant with tool-enabling. The document lacks explicit mitigations (isolation, egress controls, secret encryption, code review, least privilege), which makes these capabilities potentially dangerous if used without strong operational controls. I assess low probability of embedded malware in the documentation itself, but the feature set enables straightforward supply-chain and data-exfiltration attacks if misused or if deployed without strict isolation and governance. Recommend treating this skill as suspicious until operational security controls (network egress restrictions, secret handling policies, template review, role-based access controls, and payment safeguards) are confirmed.

LLM verification: This file is documentation for a sandbox/platform-management skill. It contains high-privilege operations (create/configure/execute sandboxes, accept env vars and tokens, install third-party packages) that are appropriate for the stated purpose but inherently high-risk. I found no signs of obfuscated or malicious code in the documentation itself — the primary security concerns are operational: untrusted code execution in sandboxes, potential credential exposure through env_vars, and supply-chain

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 17, 2026, 12:24 AM
Package URL: pkg:socket/skills-sh/proffesor-for-testing%2Fsentinel-api-testing%2Fflow-nexus-platform%2F@36b562ffe4d68bec1b91ce721014667832b55f65