github-multi-repo

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill's described capabilities align with the shown actions (discovery, cloning, changing code, pushing PRs). I did not find explicit malware or obfuscated malicious code. However, the skill requires broad GitHub permissions and runs many shell commands that can modify many repositories and read workspace files; it also includes webhook/remote memory endpoints that, if configured to attacker-controlled services, would enable exfiltration. Therefore the artifact is potentially risky in practice due to overprivilege and external sinks — treat as SUSPICIOUS until proper least-privilege scopes, strict webhook/memory endpoint policies, and input validation are enforced. LLM verification: This skill's actions are largely coherent with its stated purpose, but it carries moderate supply-chain and operational risk. The primary concerns are execution of arbitrary repository code (npm update/test), automated repo writes (commit/push/PR) requiring high-privilege credentials, potential for shell injection via unsanitized repo names, and use of absolute workspace paths that could expose unrelated data. I find no direct indicators of deliberate malware or obfuscation in the provided conte