Trust Assessment
judge-llm received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Missing required field: name", "Sensitive Code Sent to Third-Party LLM", and "Potential Command Injection via Bash Permission".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 69/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Bash Permission. The skill declares 'Bash' permission and describes functionality that involves processing dynamic user inputs such as file paths (`src/file.ts`, `src/**/*.ts`) and git branch names (`--diff main`) to perform operations like 'get staged git changes' or 'get diff against branch'. If these user-provided inputs are not rigorously sanitized and validated before being incorporated into shell commands executed via the 'Bash' permission, an attacker could inject arbitrary shell commands, leading to remote code execution or data manipulation. Implement strict input validation and sanitization for all user-provided arguments that are used in shell commands. Prefer using dedicated libraries or APIs for git operations instead of raw shell commands. If raw Bash is necessary, ensure all arguments are properly escaped and quoted to prevent command injection. | Static | SKILL.md:30 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/judge-llm/SKILL.md:1 |
| MEDIUM | Sensitive Code Sent to Third-Party LLM. The skill explicitly states it uses the user's `ANTHROPIC_API_KEY` to make 'Opus API calls' for 'Ultrathink Analysis'. This means that user-provided code (from files, staged changes, or git diffs) will be transmitted to Anthropic's servers for evaluation. While this is the core functionality of an LLM-as-Judge skill, it constitutes data exfiltration of potentially sensitive intellectual property or confidential information to a third-party service. Users should be fully aware of this data transfer. Ensure clear and prominent disclosure to the user that their code will be transmitted to Anthropic's API for processing. Advise users not to use this skill with highly sensitive or proprietary code if they are not comfortable with this data transfer. | Static | SKILL.md:20 |
| LOW | Broad 'Bash' Permission Declared. The skill declares the 'Bash' permission, which grants the ability to execute arbitrary shell commands on the host system. While the skill's description indicates a need for git operations (which often rely on shell commands), this permission is very powerful and carries inherent risks. Any vulnerability in the skill's command construction could be exploited to execute malicious code. Review if the 'Bash' permission can be replaced with more granular permissions or specific tool calls that limit the scope of execution. If 'Bash' is essential, ensure all code paths utilizing it are thoroughly audited for security vulnerabilities, especially command injection. | Static | Manifest:1 |