script-creation-rules
Audited by Socket on Feb 19, 2026
1 alert found:
Malware: [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Benign: The fragment is a coherent scripting policy guide that prescribes shell and Deno-TS approaches and explicitly disallows Node.js and Python. It does not request, store, or transmit credentials, nor does it perform suspicious network activity. The footprint is proportionate to its stated purpose as a scripting guideline.

LLM verification: The skill's stated purpose (prefer shell one-liners, permit Deno TypeScript for complex logic) matches the examples and most capabilities shown. However, the unconditional requirement to use a nonstandard wrapper (`sfw deno run`) without any provenance or explanation is a significant red flag: it alters the execution chain and could be used to intercept scripts, environment variables, or credentials. There is no explicit malicious payload in the document, but the wrapper requirement makes the sk