nushell

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] BENIGN: The skill fragment presents a coherent Nushell guide with normal installation sources, standard data-processing examples, and no reads of sensitive credentials or suspicious network interactions. It aligns with its stated purpose of helping users write Nu scripts and manage structured data pipelines without introducing data exfiltration or malicious behaviors. LLM verification: The Nushell skill documentation aligns with its purpose as a thorough guide to usage and scripting, but includes explicit, multi-path installation instructions and external download references that elevate supply-chain risk in automated contexts. Treat as SUSPICIOUS for automated agent use; require explicit user consent and validation against official sources before any automated execution. No direct malware found within the fragment itself.