First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
85/100
Findings (4)
Detects zero-width characters used to hide content
Remove hidden directives embedded in markdown, HTML comments, or encoded text. All agent-facing text should be explicit and visible in the skill definition.
Likely FP if the match is a standard markdown formatting pattern or HTML comment used for documentation rather than concealing directives.
Detects execution of shell script files via bash/sh command or direct invocation
bash
scripts/ton-info.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash
scripts/ton-info.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash
scripts/ton-info.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.