Security Audit
affaan-m/everything-claude-code:.cursor/skills/eval-harness
github.com/affaan-m/everything-claude-code
Trust Assessment
affaan-m/everything-claude-code:.cursor/skills/eval-harness received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Excessive tool permissions requested" and "Potential for Command Injection via Bash tool".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 24, 2026 (commit db27ba1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive tool permissions requested: The skill's manifest requests 'Read', 'Write', 'Edit', and 'Bash' tools. This combination grants extensive control over the host environment, including arbitrary file system modification and command execution. While some of these might be necessary for an eval harness (e.g., running tests), the broad 'Edit' and 'Bash' permissions without specific scope limitations create a significant attack surface and increase the potential impact of any command injection or other vulnerabilities. Review and narrow down the required tool permissions to the absolute minimum necessary for the skill's functionality. If 'Bash' is essential, ensure all commands executed through it are strictly controlled and sanitized. Consider using more granular tools instead of broad 'Read'/'Write'/'Edit' if specific file operations are needed. | LLM | manifest |
| HIGH | Potential for Command Injection via Bash tool: The skill's manifest declares the 'Bash' tool, and the `SKILL.md` provides examples of shell commands (`grep`, `npm test`, `npm run build`) intended to be executed as part of the evaluation process. Furthermore, the skill describes integration patterns like `/eval define feature-name` where 'feature-name' would likely be user-provided. If the agent running this skill interpolates untrusted user input directly into these shell commands without proper sanitization, it could lead to arbitrary command execution. Implement robust input sanitization and validation for any user-provided strings that are incorporated into shell commands. Consider using safer alternatives to direct shell execution where possible, or strictly whitelist allowed commands and arguments. Ensure that any parameters passed to `Bash` commands are properly escaped or handled to prevent injection. | LLM | SKILL.md:42 |