Trust Assessment
gitops-workflows received a trust score of 54/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 1 high, 4 medium, and 1 low severity. Key findings include: Sensitive environment variable access: `$GITHUB_USER`; Sensitive environment variable access: `$GITHUB_REPO`; Sensitive environment variable access: `$GITHUB_TOKEN`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 1489c33a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Potential Command Injection in Flux Bootstrap Script | The `flux-bootstrap-github.sh` script constructs shell commands using environment variables (`GITHUB_USER`, `GITHUB_REPO`, `CLUSTER_PATH`) without sufficient sanitization. If an attacker can control these environment variables (e.g., through a crafted prompt that sets them before the script is executed by the agent), they could inject arbitrary shell commands. For example, setting `GITHUB_USER="myuser; rm -rf /"` could lead to remote code execution. Remediation: sanitize or strictly validate environment variables before using them in shell commands. For `flux bootstrap github`, ensure that `GITHUB_USER`, `GITHUB_REPO`, and `CLUSTER_PATH` contain only expected characters (e.g., alphanumeric, hyphens, underscores) and do not contain shell metacharacters. Consider using `printf %q` for each argument if the shell supports it, or pass these values as direct arguments to the script and use robust argument parsing. | Static | assets/flux/flux-bootstrap-github.sh:20 |
| MEDIUM | Sensitive environment variable access: `$GITHUB_USER` | Access to sensitive environment variable `$GITHUB_USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | gitops-workflows/skills/assets/flux/flux-bootstrap-github.sh:7 |
| MEDIUM | Sensitive environment variable access: `$GITHUB_REPO` | Access to sensitive environment variable `$GITHUB_REPO` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | gitops-workflows/skills/assets/flux/flux-bootstrap-github.sh:8 |
| MEDIUM | Sensitive environment variable access: `$GITHUB_TOKEN` | Access to sensitive environment variable `$GITHUB_TOKEN` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | gitops-workflows/skills/assets/flux/flux-bootstrap-github.sh:9 |
| MEDIUM | Arbitrary File Read Vulnerability in Python Scripts | The Python scripts (`scripts/secret_audit.py`, `scripts/validate_gitops_repo.py`) accept a `repo_path` argument which is then used to read files from the local filesystem. If the agent executes these scripts with a user-controlled `repo_path` (e.g., provided by a malicious prompt), an attacker could potentially read arbitrary files on the system where the agent is running (e.g., `/etc/passwd`, `/var/log/auth.log`), leading to data exfiltration or information disclosure. Remediation: implement strict validation for the `repo_path` argument. Ensure it points to a legitimate, expected GitOps repository within a confined and secure directory. Consider using `os.path.abspath` and `os.path.commonprefix` to restrict paths to a designated safe directory. If possible, run these scripts in a sandboxed environment with minimal filesystem access. | Static | scripts/secret_audit.py:20 |
| LOW | Unpinned Python Dependency `pyyaml` | The Python scripts (`scripts/applicationset_generator.py`, `scripts/secret_audit.py`, `scripts/validate_gitops_repo.py`) import `yaml` (pyyaml) without specifying a version. This introduces a supply chain risk, as the script might run with an outdated or vulnerable version of `pyyaml` if the execution environment is not strictly controlled, potentially exposing the system to known vulnerabilities in the library. Remediation: include a `requirements.txt` file with pinned versions for all Python dependencies (e.g., `pyyaml==6.0.1`). Ensure the execution environment installs dependencies from this file. | Static | scripts/secret_audit.py:7 |
| INFO | Unpinned External CLI Tool Installations Recommended | The `SKILL.md` recommends installing the `flux` CLI using `brew install fluxcd/tap/flux` or `curl -s https://fluxcd.io/install.sh \| sudo bash`. These methods fetch the latest version of the tool without specific version pinning. While this is a user instruction and not code executed by the agent, it represents a supply chain risk for the user, as a compromised upstream source could inject malicious code or introduce breaking changes. Remediation: recommend installing specific, pinned versions of CLI tools where possible, or provide instructions for verifying checksums of downloaded binaries. | Static | SKILL.md:60 |