docx
Audited by Socket on Feb 21, 2026
1 alert found:
Security
[Skill Scanner] Installation of third-party script detected

All findings:
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

BENIGN. The skill/documentation is a legitimate, workflow-oriented guide for .docx manipulation using established tools. It does not introduce suspicious data flows, credentials, or remote execution patterns. The primary risk is typical supply-chain risk associated with tooling (untrusted tool sources, versioning), but this is standard for development workflows and not indicative of malicious intent within the described scope.

LLM verification: This skill's stated purpose (docx creation/editing/analysis) matches the described capabilities, but it includes several supply-chain and execution risks. The key concerns: mandatory execution of local unpack/pack Python scripts without verification, unpinned/global installs via apt/npm/pip, and repeated instructions to read entire large documentation files. These patterns increase the chance that malicious or compromised dependencies or scripts could execute on the host. I assess this skill as