Security Audit
anysiteio/agent-skills:skills/anysite-competitor-analyzer
github.com/anysiteio/agent-skills
Trust Assessment
anysiteio/agent-skills:skills/anysite-competitor-analyzer received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized shell arguments, Overly broad tool access via generic `execute` function, Potential data exfiltration via `export_data` with unverified `cache_key`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit 5cefedb0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized shell arguments: The skill provides shell commands that directly embed string arguments like 'Competitor Name' and 'https://competitor.com'. If these arguments are derived from untrusted user input and are not properly sanitized or escaped by the LLM before being passed to the shell, a malicious user could inject arbitrary shell commands. For example, providing a competitor name like `"MyCompany; rm -rf /"` could lead to arbitrary code execution on the host system. Ensure all user-provided arguments passed to shell commands are strictly sanitized, escaped (e.g., using `shlex.quote()` in Python), or whitelisted. Ideally, avoid direct shell execution of user-controlled strings. If the `analyze_competitor.py` script itself executes shell commands with these arguments, it must also perform robust sanitization. | LLM | SKILL.md:46 |
| HIGH | Overly broad tool access via generic `execute` function: The skill utilizes a generic `execute(source, category, endpoint, params)` function as its primary data fetching mechanism. If the `source`, `category`, and `endpoint` parameters can be influenced by untrusted user input, a malicious user might be able to invoke unintended tools or endpoints beyond the scope of competitive analysis. This could lead to unauthorized access to other system functionalities, internal tools, or sensitive data not intended for public exposure. Implement strict whitelisting and validation for `source`, `category`, and `endpoint` parameters within the `execute` function. Only explicitly allowed combinations of these parameters should be permitted, preventing the invocation of arbitrary or internal tools. | LLM | SKILL.md:11 |
| MEDIUM | Potential data exfiltration via `export_data` with unverified `cache_key`: The `export_data(cache_key, format)` function is described as returning a download URL for cached data. If the `cache_key` can be manipulated or guessed by a malicious user to access data from other users' caches, or if the generated download URL lacks proper authentication, authorization, or has an excessively long expiry, it could lead to unauthorized data exfiltration of sensitive competitive intelligence. Ensure `cache_key` values are cryptographically secure, unique per user/session, and cannot be guessed or enumerated. Implement robust authentication and authorization checks for all generated download URLs, and enforce short expiry times to limit exposure. | LLM | SKILL.md:17 |