init-unblocked
Audited by Socket on Feb 18, 2026
1 alert found:
Malware [Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)

This skill is plausible and internally consistent for a one-time installer: it checks for the CLI, installs it, authenticates, configures an MCP server, and verifies setup with user confirmations. However, it uses a high-risk installation pattern (curl | bash) and describes broad, high-privilege data access (PRs, Slack, Jira, docs) without specifying exact scopes, storage location, or whether data/credentials are proxied through Unblocked servers. Those omissions and the use of an executable remote install script are supply-chain risks. I classify this as SUSPICIOUS: likely legitimate in intent but requiring stronger integrity checks, clearer disclosure of data flows, and explicit permission/scope handling before it should be trusted.

LLM verification: Benign-ISH with significant security concerns due to remote-script installation and potential concealment of actions. The flow matches the stated purpose but the install method undermines trust without integrity verification. Implement a signed, pin-pointed installer or package-manager workflow, add explicit user consent and data-access disclosures, and enforce auditability and least-privilege MCP access. Treat as SUSPICIOUS until mitigations are demonstrated.