observable-gepa-migration
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Installation of third-party script detected

All findings:
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

Benign: The fragment is a cohesive migration guide for adding observability to GEPA via gepa-observable. It describes standard install steps, import changes, and telemetry-related configuration that would be expected for a monitoring dashboard integration. No malicious data flows, credential harvesting, or insecure patterns are evident in the provided content.

LLM verification: This SKILL.md appears to be a legitimate migration and observability guide for GEPA, but it contains multiple supply-chain and data-exfiltration risk patterns: unpinned package installation, capturing LM calls (sensitive data), and forwarding lifecycle events to a user-configured HTTP endpoint without documented safeguards. These behaviors are consistent with the stated purpose (observability) but are high-impact if misconfigured or if the installed package or destination server is untrusted. Re