openlicense-images

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains a dangerous pattern where untrusted bytes from a remotely-fetched image are parsed for a "License:" file path and then opened via less/cat, and a flawed validation check makes it possible to read arbitrary local files (local-file disclosure/data exfiltration) and enables supply-chain abuse if the remote repository or image is malicious.