Trust Assessment
gitops-workflows received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 5 critical, 7 high, 5 medium, and 0 low severity. Key findings include Arbitrary command execution, Missing required field: name, Suspicious import: requests.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The manifest_analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit b06435d5). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings17
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/oci_artifact_checker.py:71 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/oci_artifact_checker.py:88 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/promotion_validator.py:16 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/sync_drift_detector.py:29 | |
| CRITICAL | Insecure Communication (SSL Verification Disabled) The `check_argocd_health.py` script disables SSL certificate verification (`verify=False`) when making HTTP requests to the ArgoCD server. This makes the connection vulnerable to Man-in-the-Middle (MITM) attacks, potentially allowing an attacker to intercept or alter communication, including credentials (tokens, username/password) and sensitive application health data. This is particularly critical during the login process where credentials are sent. Enable SSL certificate verification by removing `verify=False` or setting it to `True`. Ensure the system has trusted CA certificates configured. If using self-signed certificates, provide the path to the CA certificate bundle. | Unknown | scripts/check_argocd_health.py:40 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'verify_oci_artifact'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/oci_artifact_checker.py:71 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'verify_oci_artifact'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/oci_artifact_checker.py:88 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_git_diff'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/promotion_validator.py:16 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_command'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/sync_drift_detector.py:29 | |
| HIGH | Command Injection via Unsanitized Arguments (oci_artifact_checker.py) The `oci_artifact_checker.py` script constructs and executes shell commands using `subprocess.run` with arguments (`image`, `provider`) directly taken from command-line input without proper sanitization. An attacker could inject malicious shell commands by crafting these arguments, leading to arbitrary code execution on the host system where the script is run. Sanitize all user-provided inputs before passing them to `subprocess.run`. For `cosign` and `notation` commands, ensure that `image` and `provider` arguments are strictly validated against expected patterns (e.g., image names, allowed providers) and properly escaped if they contain special shell characters. Consider using `shlex.quote` for arguments if they must contain special characters, or avoid shell execution entirely if possible. | Unknown | scripts/oci_artifact_checker.py:59 | |
| HIGH | Command Injection via Unsanitized Arguments (sync_drift_detector.py) The `sync_drift_detector.py` script executes shell commands using `subprocess.run` with arguments (`app_name`, `namespace`) directly taken from command-line input without proper sanitization. An attacker could inject malicious shell commands by crafting these arguments, leading to arbitrary code execution on the host system where the script is run. Sanitize all user-provided inputs before passing them to `subprocess.run`. For `argocd` and `flux` commands, ensure that `app_name` and `namespace` arguments are strictly validated against expected patterns (e.g., Kubernetes resource names) and properly escaped if they contain special shell characters. Consider using `shlex.quote` for arguments if they must contain special characters, or avoid shell execution entirely if possible. | Unknown | scripts/sync_drift_detector.py:34 | |
| HIGH | Command Injection via Unsanitized Arguments (promotion_validator.py) The `promotion_validator.py` script executes a `git diff` command using `subprocess.run` with arguments (`ref1`, `ref2`, `path`) directly taken from command-line input without proper sanitization. An attacker could inject malicious shell commands by crafting these arguments, leading to arbitrary code execution on the host system where the script is run. Sanitize all user-provided inputs before passing them to `subprocess.run`. For `git diff` commands, ensure that `ref1`, `ref2`, and `path` arguments are strictly validated against expected patterns (e.g., Git references, file paths) and properly escaped if they contain special shell characters. Consider using `shlex.quote` for arguments if they must contain special characters, or avoid shell execution entirely if possible. | Unknown | scripts/promotion_validator.py:13 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/scripts/check_argocd_health.py:14 | |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/assets/flux/flux-bootstrap-github.sh:7 | |
| MEDIUM | Sensitive environment variable access: $GITHUB_REPO Access to sensitive environment variable '$GITHUB_REPO' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/assets/flux/flux-bootstrap-github.sh:8 | |
| MEDIUM | Sensitive environment variable access: $GITHUB_TOKEN Access to sensitive environment variable '$GITHUB_TOKEN' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-vpxv3709/repo/gitops-workflows/assets/flux/flux-bootstrap-github.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/9672c82b9318dd0b)
Powered by SkillShield