automated-assessment

Warn

Audited by Socket on May 12, 2026

2 alerts found:

Anomaly (Security, LOW): SKILL.md

SUSPICIOUS: the skill’s core behavior is coherent for repo assessment, and its main dependencies are official and same-org documented, so there is no strong evidence of malware or credential theft. Risk comes from broad bash permissions, generic command checkpoints, autofix file changes, and transitive invocation of other skills, which make it a moderately risky but purpose-aligned assessment skill rather than a clearly malicious one.

Confidence: 82%
Severity: 56%

Security (MEDIUM): scripts/run-checkpoints.sh

This script is security-sensitive. It contains multiple high-risk `eval` statements that evaluate YAML-controlled `target` strings to construct arrays for brace-expansion/pattern expansion. If an attacker can influence the checkpoint YAML, this can lead to arbitrary shell command execution on the runner (clear supply-chain attack surface). Additionally, `type=command` and `preconditions.command` execute commands via child bash after heuristic filtering, which may be bypassable. No explicit malware payload is visible, but the code-injection primitives make overall security risk high for untrusted checkpoint inputs.

Confidence: 78%
Severity: 85%

Audit Metadata

Analyzed At: May 12, 2026, 05:01 PM
Package URL: pkg:socket/skills-sh/netresearch%2Fautomated-assessment-skill%2Fautomated-assessment%2F@171ce2a92be78e5815aee551a61a21b5b53524ad