NYC

github-multi-repo

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]

Functionality aligns with the described purpose (multi-repo orchestration) and uses legitimate tools (gh, git, npm). There is no clear evidence of embedded malware or deliberate exfiltration in the code snippets. However, the workflow exercises a high-risk set of operations: cloning many repositories and running npm install/npm test executes arbitrary code from each repo using the runner's privileges, and automated git push/PR actions require broad GitHub permissions. Additionally, the agent memory calls and Redis endpoint are under-specified and could expose repository metadata or state to external services if misconfigured.

Recommend treating this skill as high privilege: enforce least-privilege GitHub tokens, run operations in isolated ephemeral runners or sandboxes, audit and validate repo code before running install/test, and explicitly document and lock down any external agent/memory endpoints. Overall: no clear malware detected, but operational security risk is significant.

LLM verification: SUSPICIOUS — The skill's declared purpose matches the behavior (multi-repo orchestration), but it contains multiple operational patterns that increase supply-chain and host compromise risk: cloning many repos and running npm install and npm test on them allows arbitrary code from dependencies or repo lifecycle scripts to execute on the host. The use of rm -rf, unpinned installs, and lack of sandboxing or integrity checks makes this potentially dangerous if run with broad credentials on a non-iso

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 10:57 AM
Package URL: pkg:socket/skills-sh/vamseeachanta%2Fworkspace-hub%2Fgithub-multi-repo%2F@c04235d03abc0cf4300acc377e994a44fe5fc6df