documentation-writing
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner] Installation of third-party script detected

All findings:
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

BENIGN: The skill fragment is coherent with its stated purpose of guiding documentation writing. There are no download/install steps, no credential handling, no network calls, and no data exfiltration patterns. Data flows are non-existent beyond illustrative content. Overall risk is low for a documentation aid.

LLM verification: The SKILL is documentation-only and aligns with its stated purpose. It does not contain executable malicious code or backdoors. However, it contains several supply-chain hygiene issues in examples: unpinned dependency installs (npm/pip), an example plaintext password, and a curl POST example that demonstrates sending a password-like field. These are not themselves malware but increase the risk when users copy/paste commands or example credentials into real environments. Recommend: update example