doc-code-sync
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

The skill's capabilities match the stated purpose (doc-code sync) and most operations are consistent with that goal. The security concern is operational: the skill runs project-local runtimes and extractor scripts (node -e require(...), node <extractor>) and allows Bash execution. That means scanning untrusted projects could result in arbitrary code execution (modules in node_modules, extractor scripts, or project init code). There are no external download/install instructions in the skill text, no hardcoded secrets, and no explicit data exfiltration endpoints.

Overall: not overtly malicious, but moderate supply-chain risk when used on untrusted repositories due to execution of project-provided code. Recommend running in a restricted/sandboxed environment and avoiding scanning untrusted repos with host-level access.

LLM verification: The skill's intended purpose aligns with doc-code drift detection, and the improved assessment emphasizes tightening tooling to minimize security and supply-chain risk. Treat as SUSPICIOUS with elevated risk until sandboxing, least-privilege execution, and explicit data-flow controls are documented and enforced.