Skill Builder

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] BENIGN. The code fragment is a documentation/template for building Claude Skills and does not perform runtime operations, collect inputs, exfiltrate data, or load external resources. It is internally consistent with its stated purpose of guiding skill creation and validation. Potential issues are documentation quality and user adherence, not security vulnerabilities. LLM verification: The SKILL.md/documentation is legitimate guidance for authoring Claude skills and shows legitimate examples and directory conventions. It does not contain executable malware or obfuscated payloads. However, it documents features and examples that, if misused, create supply-chain and data-exposure risks: skills loaded from the home directory and YAML fields injected into the system prompt can leak secrets; example scripts and 'npm install' usage create vectors for executing unreviewed third‑party