unlayer-config

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This is documentation/configuration for the Unlayer editor and does not contain malicious code. Primary security concerns are integration-related: accidental exposure of Project Secret in client-side code, allowing arbitrary customJS/CSS, and backend endpoints that trust client-supplied identifiers. Those are misconfiguration risks integrators must mitigate (generate HMAC server-side, authenticate upload/list endpoints, validate uploaded files, and avoid executing untrusted scripts). Overall the skill is benign but requires caution when integrating; follow the doc warnings and secure server-side checks.

Confidence: 80%
Severity: 75%
Audit Metadata

Analyzed At: Mar 18, 2026, 03:54 PM
Package URL: pkg:socket/skills-sh/unlayer%2Funlayer-skills%2Funlayer-config%2F@71c73fba49f88847babc4f22bacc97e1fbb577ab