sop-runner
Audited by Socket on Mar 1, 2026
1 alert found:
Security: This SOP-runner skill is a legitimate orchestration tool for executing operational workflows, but it carries significant supply-chain and privilege risks. Primary concerns: arbitrary shell command execution from YAML (capable of running any command under the runner's identity), interpolation of environment variables into commands and HTTP headers (exfiltration risk for secrets), and delegation to AI agents using untrusted context (prompt injection / indirect actions). These capabilities are coherent with the stated purpose (automating SOPs) but are high-risk unless the SOP directory, SOP authoring, and runner permissions are tightly controlled, SOPs are validated or signed, and outgoing endpoints/allowed commands are strictly whitelisted. No explicit evidence of obfuscation or embedded malicious payloads in the provided fragment, but the attack surface is large and could be abused if attackers can write or modify SOP YAMLs or control agent inputs.