infisical-sync-skill

No clear indicator of intentional malware is present in this fragment; it is fundamentally a high-privilege secrets synchronization agent design. The main security risks are operational and implementation-dependent: broad sensitive capabilities (vault/file/network write actions), optional scope expansion when project ID is omitted, and explicit inclusion of shell_exec alongside secret-adjacent configuration—which can materially increase the likelihood of accidental secret/credential leakage through logs/process artifacts if not strictly controlled. Overall, treat as a security-critical secret-handling component and verify implementation-level redaction, command construction safety, strict scoping, and token/secret handling guarantees.