try-unblocked

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] command_injection: Reference to external script with install/setup context (SC005) This skill is functionally coherent with its stated purpose — it installs an official CLI, performs browser-based auth, and configures an MCP so an AI agent can query team context. The skill file itself contains no obfuscated or obviously malicious code. However, it requires executing a remote installer (curl | bash) and granting broad access to sensitive systems (PRs, Slack, Jira, docs) via an MCP. Those actions centralize high-value data and create a significant supply-chain and data-exfiltration risk if the install script, the Unblocked service, or the MCP server is compromised or misconfigured. Recommend manual review of the installer script before running, verifying vendor identity, inspecting requested OAuth scopes, limiting token scopes where possible, and reviewing data retention and access policies. Treat as SUSPICIOUS for supply-chain security until the installer and MCP design/policies are audited. LLM verification: The skill’s purpose is aligned with guided setup and context gathering, but the implementation introduces notable supply-chain and credential-privacy risks due to an externally hosted installer and automated authentication steps. To improve safety, require installer integrity verification (hash or signature), distribute the installer via a trusted registry or in-repo asset, enumerate and constrain MCP access scopes, and ensure user-confirmation is preserved in automation contexts. Consider repla