askprisma

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This AskPrisma skill's declared purpose and capabilities are coherent for a local data-analysis assistant. It legitimately needs broad file read access, to run Python, and to write analysis outputs. The main risks are operational: (1) it searches for and executes local scripts (generate_report.py) found in user/global paths, which could run arbitrary code if those files are untrusted or tampered with; (2) it installs Python packages at runtime (pip), increasing supply-chain exposure; and (3) it will use user-provided DB connection strings and environment variables, which are high-value secrets and must be handled carefully. These behaviors are not necessarily malicious but are high-risk if the environment or discovered files are untrusted. Recommend running this skill only in isolated sandboxes, auditing the generate_report.py script and any pip installs, and ensuring credentials are not logged or written to outputs. LLM verification: The AskPrisma skill's documented functionality is appropriate for a data-analysis assistant but it requires high privileges (arbitrary code execution and on-demand package installs) that materially increase supply-chain and local-execution risk. I did not find explicit malicious code, hardcoded secrets, or obfuscation in the provided text; the dominant concerns are: (1) runtime pip installs without pinned verifications (exposes to typosquats and malicious packages), (2) execution of generated co