Trust Assessment
ci-cd received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned GitHub Actions in Examples, Arbitrary File Read and GitHub Data Access via Script Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 1489c33a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read and GitHub Data Access via Script Arguments | Static | scripts/pipeline_analyzer.py:29 |
| MEDIUM | Unpinned GitHub Actions in Examples | Static | SKILL.md:450 |

HIGH: Arbitrary File Read and GitHub Data Access via Script Arguments (Static; scripts/pipeline_analyzer.py:29)

The `pipeline_analyzer.py` script accepts file paths (`--workflow`, `--config`) and a GitHub repository name (`--repo`) as command-line arguments. If an LLM is instructed to execute this script and can control these arguments, it could be coerced to:

1. Read arbitrary local files on the system where the script is executed (e.g., `/etc/passwd`, sensitive configuration files) by providing a malicious file path.
2. Fetch sensitive GitHub Actions run data and logs from any repository that the `gh` CLI (used by the script) is authenticated to, by providing a malicious repository name. This allows for broad data exfiltration beyond the intended scope of analyzing CI/CD pipelines within the current repository.

Restrict the scope of file access and GitHub API calls. For file access, consider:

- Whitelisting allowed file paths or directories.
- Validating file paths to ensure they are within the expected project directory.

For GitHub API calls:

- Ensure the `gh` CLI is authenticated with minimal necessary permissions.
- If possible, restrict the `--repo` argument to only the current repository or a predefined set of allowed repositories.

Implement strict input validation for all command-line arguments to prevent path traversal or arbitrary repository access.

MEDIUM: Unpinned GitHub Actions in Examples (Static; SKILL.md:450)

The skill's documentation explicitly recommends pinning GitHub Actions to commit SHAs for security (line 165). However, several provided YAML examples for GitHub Actions use floating version tags (e.g., `@v4`, `@v3`) or even the `main` branch (`@main`). Using `@main` is a significant supply chain risk as the action's code can change at any time without warning, potentially introducing vulnerabilities or malicious code. While `@v4` is better than `@main`, it still allows for minor version updates that could introduce breaking changes or vulnerabilities. This inconsistency between recommendation and example introduces a supply chain risk if users copy the examples directly.

Update all GitHub Actions examples to pin actions to specific commit SHAs instead of floating tags or branch names (e.g., `actions/checkout@v4` should be `actions/checkout@a81eb40de625c3dcbcd7189b4e9f82a7953bb8f7`). This aligns the examples with the skill's own security best practices.
Full report: https://skillshield.io/report/58d233eaaf1464a0
Powered by SkillShield