secret-code

[Skill Scanner] Instruction directing agent to run/execute external content All findings: [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] The skill's stated purpose (reveal a secret code) matches the capabilities it requests (read a file and run a script). The fragment itself contains no hardcoded credentials, obfuscation, or explicit network endpoints. However, mandating execution of an external shell script makes this skill potentially risky: the script could perform arbitrary actions (data exfiltration, destruction, or further credential access). Without seeing scripts/reveal.sh, the risk cannot be fully assessed. Treat the requirement to run the script as a security-sensitive operation and inspect the script before execution. LLM verification: SUSPICIOUS — The skill's explicit requirement to execute an unreviewed shell script as a mandatory step creates a significant supply-chain and runtime risk. Although the stated goal (reveal a secret code) could be achieved by reading the asset alone, forcing script execution allows arbitrary actions including credential harvesting, network exfiltration, or destructive commands. Treat this skill as potentially dangerous until the script contents are inspected or execution is constrained to a stri