Security Audit
Automattic/agent-skills:skills/wp-phpstan
github.com/Automattic/agent-skillsTrust Assessment
Automattic/agent-skills:skills/wp-phpstan received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Command Injection via Composer Script Name.
The analysis covered 4 layers: llm_behavioral_safety, manifest_analysis, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 8, 2026 (commit 48d4aa21). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Command Injection via Composer Script Name The `suggestCommand` function constructs a shell command using script names derived directly from `composer.json` keys without sanitization or quoting. If a repository contains a malicious `composer.json` with shell metacharacters in a script name (e.g., `"test; malicious_cmd": "phpstan"`), the generated command string will include these characters. When the agent executes this suggested command, the shell will interpret the metacharacters, leading to arbitrary command execution. Sanitize the script name to ensure it contains only safe characters (e.g., `^[a-zA-Z0-9_-]+$`) or wrap the script name in single quotes (e.g., `composer run '${preferred.name}'`) when constructing the command string. | Unknown | scripts/phpstan_inspect.mjs:113 |
Scan History
Embed Code
[](https://skillshield.io/report/fcba5a60577560d6)
Powered by SkillShield