Add SafeSkill security badge (85/100 — Passes with Notes)

[OyaAIProd]

⚠️ SafeSkill Security Scan Results

Metric	Value
Overall Score	85/100 (Passes with Notes)
Code Score	80/100
Content Score	79/100
Findings	169 findings detected (2 critical)
Taint Flows	0
Files Scanned	61
Scan Duration	6.4s

Top Findings

• 🔴 critical: Makes HTTP request via fetch() (co-occurs with filesystem access — potential data exfiltration) (packages/cli/src/utils/extractAbis.ts:37)
• 🔴 critical: Executes code in VM context: createContext() (packages/react/src/Context.ts:12)
• 🟠 high: References sensitive environment variable (packages/mcp/src/project.ts:46)
• 🟠 high: References sensitive environment variable (packages/mcp/src/project.ts:55)
• 🟠 high: Dynamic import with non-literal argument (packages/mcp/src/project.ts:24)

View full report on SafeSkill

---

About SafeSkill

SafeSkill is a free, open-source security scanner for AI tools, MCP servers, and Claude Code skills. We scan for code exploits, prompt injection, and data exfiltration risks.

False positive? We take accuracy seriously. If any finding above is incorrect, please open an issue and we will fix it immediately.

• GitHub | Website | Docs
• Built by Oya.ai -- AI Employees Builder

[vercel]

@OyaAIProd is attempting to deploy a commit to the bonfire Team on Vercel.

A member of the Team first needs to authorize it.