mcp-development

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This MCP skill contains plausible developer tools and resources that match its stated purpose, but it exposes high-sensitivity capabilities (database querying, schema introspection, returning application config, filesystem enumeration) without demonstrating necessary safeguards in this fragment. The main risks are: SQL injection or unintended DB statement execution due to naive query concatenation; leakage of secrets if redactSecrets is incomplete; token leakage to remote MCP endpoints via Authorization header; and lack of shown access control. I rate this as suspicious/high-risk until the missing protections (parameterized queries or single-statement enforcement, audited redaction, least-privilege DB credentials, explicit auth/ACLs, transport destination validation) are confirmed implemented. LLM verification: This skill is functionally consistent with its stated purpose (project tooling) but contains several high-impact data-exposure risks appropriate to a development tool: arbitrary SELECT execution and schema dumping can leak sensitive data, and unconstrained file globs can expose filesystem layout. There is no proof of deliberate malicious code in the provided fragment, but the privilege footprint and unsafe patterns (direct SQL concatenation, broad resource exposure) make it suspicious in the sen