Trust Assessment
web-artifacts-builder received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via unescaped sed argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit 35414756). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via unescaped sed argument The script `scripts/init-artifact.sh` takes the project name as an argument (`$1`) and passes it directly into a `sed` replacement command without sanitization or escaping. If the project name contains a slash followed by the `e` flag (supported by GNU sed), an attacker can execute arbitrary shell commands. For example, a project name like `foo/e touch /tmp/exploited #` will trigger command execution when `sed` processes the file. Avoid using `sed` with unescaped user input. Instead, use a safer alternative like a small Node.js script to parse and update the HTML file, or strictly validate the project name to ensure it only contains alphanumeric characters and hyphens before using it. | LLM | scripts/init-artifact.sh:66 |
Scan History
Embed Code
[](https://skillshield.io/report/0eb813073f43cd03)
Powered by SkillShield