ai-integration

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) All findings: [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This Skill file is documentation and example code for AI integration with the Vercel AI SDK v6. I found no intentional malicious code, no external download-and-execute patterns, and no credential-harvesting network flows. The largest practical risks are developer mistakes from copy/pasting malformed fragments and the presence of an example destructive tool (deleteFileTool) which — if implemented or wired without proper approval safeguards — could perform harmful filesystem operations. Overall the material is benign but requires careful handling by implementers to avoid accidental exposure or destructive actions. LLM verification: This SKILL.md is primarily instructional and aligned with its stated purpose (building agents with the Vercel AI SDK). There is no clear evidence of intentionally malicious code (no obfuscated payloads, hardcoded exfiltration endpoints, or curl|bash download-execute patterns). However, there are moderate supply-chain/security concerns: truncated/malformed examples that could lead to insecure implementations, explicit examples of destructive filesystem operations (deleteFile/rm -rf) that require