stackone-agents

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill is internally consistent with its stated purpose: it documents how to use StackOne SDKs and MCP to enable agent integrations and multi-tenant flows. Network calls go to StackOne and GitHub documentation URLs, and the requested credentials (STACKONE_API_KEY and accountId) are appropriate for the described functionality. The main security consideration is trust in the StackOne service: the API key + account id grant StackOne the ability to act on linked accounts, so developers must use least-privilege keys, keep them secret, and verify the StackOne operator is trusted. No clear indicators of obfuscation or malicious code were found in the provided instruction file.