Trust Assessment
The `docs` skill received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 0 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Command Injection via Unsanitized Configuration Directories".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Unsanitized Configuration Directories.** The skill reads a list of documentation directories from `.specweave/config.json` into the `DOC_DIRS` shell variable. This variable is then used in unquoted `for` loops (`for dir in $DOC_DIRS; do ...`) and within `find` commands. If a malicious actor can control or modify `.specweave/config.json`, they can inject arbitrary shell commands into the `directories` array, leading to remote code execution when `DOC_DIRS` is iterated over. Sanitize or validate the content of `DOC_DIRS` before use. When iterating over paths, use `readarray -t DOC_DIRS_ARRAY <<< "$(jq -r '(.documentation.directories // [".specweave/docs"])[]' .specweave/config.json)"` and then iterate safely with `for dir in "${DOC_DIRS_ARRAY[@]}"; do ...`. Ensure all uses of `dir` are properly quoted, e.g., `find "$dir" ...`. | LLM | SKILL.md:20 |
| CRITICAL | **Command Injection via Unsanitized User Topic in Find Command.** In the 'Topic argument: Search and load docs' section, the `find` command directly embeds the user-provided `<topic>` within its `-iname` argument as `"*<topic>*"`. If the user provides a malicious string for `<topic>` containing shell metacharacters or `find` command options, it can lead to arbitrary command execution. For example, a topic like `"; rm -rf /; echo "` could execute `rm -rf /`. Strictly sanitize the user-provided `<topic>` to remove or escape any shell metacharacters before using it in the `find` command. Consider using `find ... -exec grep -q "<sanitized_topic>" {} \; -print` or similar approaches that pass the topic as a safe argument to another command, rather than directly embedding it in the `find` expression. | LLM | SKILL.md:69 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/docs/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/docs/SKILL.md:6 |
| MEDIUM | **Data Exfiltration from User Skill Memories.** The 'Project Overrides' section explicitly reads content from the user's skill memory file (`$HOME/.claude/skill-memories/docs.md`) using an `awk` command. The output of this command, specifically the 'Learnings' section, is intended to be included in the skill's response. If the user's skill memories contain sensitive or private information within this section, it could be unintentionally disclosed to the LLM or the user. Avoid reading directly from user-specific configuration or memory files in the home directory unless absolutely necessary and with explicit user consent. If reading is required, implement robust filtering and sanitization to ensure only non-sensitive, intended information is extracted. Ensure that any extracted data is not echoed back to the user if it's only for internal LLM context. | LLM | SKILL.md:6 |