load-template

[Skill Scanner] URL pointing to executable file detected The loader's purpose is legitimate (installing instruction templates). However, the execution example (curl|bash of a raw GitHub URL) and automatic recursive dependency loading create a significant supply-chain and local-execution risk. There is no integrity verification, no approval/sandbox step, and templates are suggested to be stored in a gitignored directory, all of which lower visibility and increase the chance of unnoticed compromise. I found no explicit evidence of malicious code in the snippet itself, but the usage pattern enables arbitrary remote code execution and potential credential/data exposure. Recommend: (1) avoid piping remote scripts directly into a shell; instead download and verify (pinned commit/hash or GPG signature) before running; (2) require interactive approval for each external dependency; (3) provide a dry-run and sandbox mode; (4) do not rely solely on gitignored locations for storage; (5) document the trust model and provide reproducible pinned releases for the loader script. LLM verification: The skill's behavior matches its stated purpose—automatically downloading and installing agent instruction templates. The primary security issue is the instruction to fetch and execute an arbitrary shell script from raw.githubusercontent.com without integrity verification. That pattern creates a strong supply-chain risk: a compromised or malicious template repository (or dependency) could execute arbitrary commands on a user's machine with the user's privileges. The code fragment does not itself