aeon-skill-security-scan Skills tell agents what to do. A malicious or sloppy skill can shell-inject, exfiltrate secrets, override instructions, or run destructive commands. This skill scans every installed SKILL.md and companion script and surfaces the risks before they execute. Scope - — primary. - and — companion scripts. - — documents loaded at runtime. Default is the current working directory. Threat patterns | Category | What it looks like | |---|---| | Shell injection | Unquoted variable expansion, , backticks, with user data. | | Secret exfiltration | Env vars or file contents piped t…