Trust Assessment
validate-skills received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Potential Command Injection via Shell Example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on May 1, 2026 (commit ace14e40). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Potential Command Injection via Shell Example The `SKILL.md` file, which is treated as untrusted content, contains a shell command example (`fd -t d -d 1 . skills/`) within a 'How to Run' section. While this specific command is benign (a directory listing), its presence in untrusted input creates a potential command injection vector. If the host LLM is configured to execute code blocks found in documentation, a malicious actor could replace this with a harmful command, leading to arbitrary code execution or data exfiltration. The current command is read-only and low risk, but the pattern is concerning. Avoid including executable shell commands directly within untrusted skill documentation. If examples are necessary, consider presenting them in a way that clearly indicates they are for human reference only and not for LLM execution, or use a format that prevents direct execution by the LLM. For instance, wrap them in non-executable code blocks or describe the command's intent without providing the exact syntax. | LLM | SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/bc09ce445a136521)
Powered by SkillShield