document-parsers
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Benign. The fragment serves as a guidance/documentation scaffold for multi-format document parsing with multiple backends. No malicious data flows or credential harvesting mechanisms are evident beyond standard example usage with placeholder API keys. The scope and data access stay aligned with the stated purpose of parsing documents and enabling RAG workflows.

LLM verification: The skill fragment aligns with its stated function of multi-format document parsing but exhibits notable supply-chain and credential-handling risks: unpinned dependencies, broad installation commands from multiple sources, and embedded API-key usage in examples.
Recommend tightening by pinning dependency versions, providing verifiable, provenance-checked installation instructions, removing or securing API keys in sample code, and adding secrets management guidance and reproducible build guidance.