vm-test-generator
Audited by Socket on Feb 14, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The skill fragment is logically consistent with its declared purpose of auto-detecting test frameworks and generating test scaffolding and plans. It does not exhibit malicious behavior, credential handling, or suspicious network activity. The footprint is proportionate to its stated goal (prompt-driven test generation with framework-aware templates). Potential operational risks exist around filesystem writes and prompt-driven actions, but these are expected for such a tool and can be mitigated with proper sandboxing and permission controls.

LLM verification: The skill appears to be a legitimate automated test-generation helper with capabilities to scan a repository, produce a test implementation plan, generate test files, and optionally run test suites. I found no explicit malicious code, obfuscation, or network exfiltration in the provided fragment. The main security concern is operational: the tool requires broad read and write access to the repository and can execute project tests, which creates opportunities to accidentally read or expose sensit
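The two finding classes above, command substitution (CI003) and credential file access (DE002), are the ones a reviewer has to triage by hand in a skill file, because skill files are Markdown and backticks appear both as inline-code formatting in prose and as shell command substitution inside fenced shell blocks; only the latter is executed. The checker below is an added illustration written for this page, not Socket's scanner and not code from vm-test-generator, and it assumes a Markdown skill layout with fenced shell blocks; the sample skill text is constructed here. It reports `` `...` `` and `$(...)` substitutions only inside fenced shell blocks (comments skipped) and flags references to a small, assumed list of common credential file paths.

```python
"""Triage helper for 'backtick command substitution' and 'credential file access'
findings in a Markdown skill file.

Added example for this page: not Socket's scanner and not part of vm-test-generator.
The sample skill text below is constructed for the demonstration.
"""
import re
from dataclasses import dataclass

# Built indirectly so the sample does not close this file's own code fence.
FENCE = "`" * 3

# Constructed sample skill: prose with inline code, plus one bash block.
SAMPLE_SKILL = "\n".join([
    "# Test generator",
    "",
    "Run `pytest` after scaffolding (inline code, not a shell substitution).",
    "",
    FENCE + "bash",
    "# pick the first test file found and run it",
    "TARGET=`ls tests | head -n 1`",
    'pytest "tests/$TARGET" -q',
    "RESULT=$(pytest -q 2>&1 | tail -n 1)",
    "# read cloud credentials for the integration tests",
    "cat ~/.aws/credentials",
    "source .env",
    FENCE,
    "",
    "Use `$(date)` in prose only.",
])

# Fence info strings treated as shell; an untagged fence is assumed to be shell.
SHELL_LANGS = {"bash", "sh", "shell", "zsh", ""}

BACKTICK = re.compile(r"`[^`\n]+`")
# $(...) but not $((...)) arithmetic expansion.
DOLLAR_PAREN = re.compile(r"\$\((?!\()[^)]*\)")
# Assumed, deliberately short list of credential-bearing paths.
CRED_PATHS = re.compile(
    r"~/\.aws/credentials|~/\.ssh/id_[A-Za-z0-9_]+|~/\.netrc|"
    r"~/\.docker/config\.json|(?<![\w./-])\.env(?![\w.-])"
)


@dataclass
class Finding:
    line: int
    rule: str
    text: str


def shell_lines(skill_text):
    """Yield (line_no, line) for lines inside fenced blocks tagged as a shell."""
    in_block = False
    block_is_shell = False
    for no, line in enumerate(skill_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(FENCE):
            if in_block:
                in_block = False
            else:
                in_block = True
                info = stripped[len(FENCE):].strip()
                lang = info.split()[0].lower() if info else ""
                block_is_shell = lang in SHELL_LANGS
            continue
        if in_block and block_is_shell:
            yield no, line


def find_command_substitution(skill_text):
    """Command substitution inside executable shell blocks only (CI003-style check)."""
    findings = []
    for no, line in shell_lines(skill_text):
        if line.lstrip().startswith("#"):
            continue  # a shell comment is never executed
        for m in BACKTICK.finditer(line):
            findings.append(Finding(no, "backtick_substitution", m.group(0)))
        for m in DOLLAR_PAREN.finditer(line):
            findings.append(Finding(no, "dollar_paren_substitution", m.group(0)))
    return findings


def find_credential_access(skill_text):
    """References to known credential files inside shell blocks (DE002-style check)."""
    findings = []
    for no, line in shell_lines(skill_text):
        if line.lstrip().startswith("#"):
            continue
        for m in CRED_PATHS.finditer(line):
            findings.append(Finding(no, "credential_file_access", m.group(0)))
    return findings


if __name__ == "__main__":
    for f in find_command_substitution(SAMPLE_SKILL) + find_credential_access(SAMPLE_SKILL):
        print(f"line {f.line}: {f.rule}: {f.text}")
```

On the constructed sample the checker reports the backtick on line 7 and the `$(...)` on line 9, but not the inline code on lines 3 and 15, and it reports `~/.aws/credentials` and `.env` from the shell block. The point for triage is that anything inside a substitution in a shell block is evaluated by the shell when the agent runs it, so a file name, test name or snippet supplied by the model or the repository at that position becomes an executable command; a backtick in prose is formatting. A hit is a prompt for review, not proof of malice, which is how the verification text above also treats these findings.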