skill-creator

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Benign: The provided fragment is a comprehensive design/guide for creating and managing Claude Code skills. There is no executable payload, credential exposure, or external data flow evident in the text. If implemented, standard security hygiene should be applied to any included scripts or templates to prevent misuse, but the fragment itself poses low risk.

LLM verification: SKILL.md is a legitimate, benign authoring template for an agent 'skill-creator'. It does not contain overt malware or obfuscated payloads. However, it documents and endorses features (dynamic command preprocessing, hooks, and permissive allowed-tools) that, if implemented without safeguards, enable local command execution and potential exposure of sensitive local data (secrets, environment variables, repository contents). Operational controls and restrictive defaults should be applied before en

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Feb 21, 2026, 03:28 PM
Package URL: pkg:socket/skills-sh/ssiumha%2Fdots%2Fskill-creator%2F@0500d7064e5ff253247147a7580b26e4e73c8e15