Trust Assessment
The `next` skill received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks, with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. The key findings are "Missing required field: name", "Skill demonstrates direct shell command execution", and "Broad file system traversal implied by `find .`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/next/SKILL.md:1 |
| MEDIUM | Skill demonstrates direct shell command execution. The skill explicitly includes a `bash` command snippet, indicating that the agent is expected to execute shell commands. While the provided command is hardcoded and not directly exploitable from untrusted input in this specific snippet, the presence of direct shell execution capability introduces a significant risk. If the agent's environment is not properly sandboxed, or if future skill modifications or agent implementations allow untrusted input to influence command construction, this could lead to command injection vulnerabilities. This capability also implies the agent operates in an environment where shell execution is permitted. Ensure all shell commands executed by the agent are strictly sandboxed and that no untrusted input can be interpolated into command strings without robust sanitization or escaping. Prefer using safer, language-native alternatives to shell commands where possible to reduce the attack surface. | LLM | SKILL.md:12 |
| LOW | Broad file system traversal implied by `find .`. The skill's workflow includes a `find` command that starts its search from the current directory (`.`). While the command filters for specific files (`spec.md`), the initial traversal of the entire project directory tree implies broad read access to the file system. This could potentially expose file names or paths that are not strictly necessary for the skill's core function, even if the content of those files is not directly processed or exfiltrated. Refine file system access to the minimum necessary scope. If only specific subdirectories are relevant, restrict `find` or other file operations to those paths (e.g., `.specweave/increments`) instead of the entire current directory (`.`). | LLM | SKILL.md:12 |
Full report: https://skillshield.io/report/95f6cb8cbf52575b