esm

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

This Skill documentation appears coherent with its stated purpose: providing local and cloud-backed protein modeling and embedding capabilities. There is no evidence in this document of obfuscated or intentionally malicious code. The primary security considerations are operational/privacy: when users use the Forge API or download models from external hubs they will transmit sequence and structural data and use API tokens; those actions create legitimate data-exfiltration and credential-risk vectors if the remote services are untrusted or misused. Also, the 'uv pip' install examples are suspicious/incorrect and should be corrected to avoid accidental execution issues. Overall the Skill is plausibly benign, but users should treat cloud inference and model downloads as sensitive operations and review the Forge and model-hosting providers' privacy, retention, and security policies before sending proprietary data.

LLM verification: Overall, the SKILL.md content is coherent with its stated purpose of an AI agent skill for protein modeling. However, several security concerns exist: unpinned pip dependencies and instructions to install from potentially untrusted sources, plus references to token-based Forge usage without explicit secure handling. These patterns are suspicious for a code/material that could be executed in an automation environment. If used as-is, it could enable supply-chain risk or unintended remote code exec

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 17, 2026, 12:17 AM
Package URL: pkg:socket/skills-sh/swn94%2Fclaude-scientific-skills%2Fesm%2F@fb0519957201225e97f092c9f1b2077c96fd61c5