Audited by Socket on Feb 24, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

No explicit malware or credential harvesting patterns are present in this skill instruction. The capabilities align with the described purpose. The main security risk is execution of repository-controlled scripts (done-cleanup.sh, start-worktree.sh) discovered and invoked by the skill: if an attacker can place or modify files under .claude/skills, they could run arbitrary commands locally, modify repo state, or exfiltrate data. There are no remote download-and-execute patterns, no hardcoded secrets, and external calls appear to be to the expected Linear MCP tools.

Recommendation: treat these scripts as sensitive — verify .claude/skills contents before running, avoid running in untrusted repositories, and ensure MCP credentials are stored securely.

LLM verification: Functionally the skill is coherent with its stated purpose: creating a Linear issue, creating a git worktree, recording session state, and opening a local Claude session. It does not contain obvious malicious code in the fragment shown. However, it executes repository-provided shell scripts and spawns local processes (osascript -> Terminal -> claude). Those execution sinks are high-impact: if an attacker can modify files in .claude/skills or supply a malicious repository, they can execute arbitr