postgis

[Skill Scanner] Natural language instruction to download and install from URL detected This is a documentation/instruction skill for PostGIS 3.6.1 that is consistent with its stated purpose and contains many legitimate SQL examples for spatial operations. I found no signs of intentional malicious code, obfuscated payloads, or credential-harvesting behavior within the text. The primary risk is operational: the skill’s MANDATORY trigger plus allowed tools (Bash and a wildcard GitHub tool) could lead to automated or mistaken execution of potentially destructive SQL or shell commands against a production database/repository. Treat the SQL examples as high-privilege operations and require human review and safe test environments before executing. Overall verdict: largely benign as documentation, but moderate operational risk if automated. LLM verification: The fragment is largely benign and appropriate as documentation/guidance for PostGIS 3.6.1 usage. The only notable anomaly is a reference to an external documentation URL for SFCGAL, which should be treated as a false positive risk in this context. No credentials, secrets, or data exfiltration behavior detected.