Trust Assessment
database-query received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include SQL Injection in search_users, SQL Injection in get_user_by_id.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit 41fec4a9). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | SQL Injection in search_users The `search_users` function constructs a SQL query by directly interpolating `search_term` and `table_name` using f-strings. This allows for SQL injection, which can lead to unauthorized data access, modification, or database compromise. Use parameterized queries for the search term (e.g., `?` placeholder in sqlite3) and validate the table name against a strict allowlist of permitted table names before interpolating it. | LLM | query.py:27 | |
| HIGH | SQL Injection in get_user_by_id The `get_user_by_id` function interpolates the `user_id` parameter directly into the SQL query string, exposing the application to SQL injection. Rewrite the query to use parameterized inputs: `conn.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchone()` | LLM | query.py:38 |
Scan History
Embed Code
[](https://skillshield.io/report/5f932323fc09f36d)
Powered by SkillShield