Security Audit
cloudflare/agents:agent-think/skills/reproduce
github.com/cloudflare/agentsTrust Assessment
cloudflare/agents:agent-think/skills/reproduce received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Command Execution via Untrusted Input Substitution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 23abbada). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary Command Execution via Untrusted Input Substitution The skill instructions describe a workflow that dynamically constructs and executes shell commands using values directly extracted from an untrusted user message envelope (such as `repository`, `issue`, `trigger-comment-id`, and `repo`). For example, the instructions show `gh api repos/<repository>/issues/comments/<trigger-comment-id>/reactions` and `git clone --depth=1 https://github.com/<repo>.git` being executed directly in a bash container. If these fields are not strictly validated or sanitized, an attacker can inject shell metacharacters (e.g., `;`, `&&`, `|`, backticks) into the issue number, repository name, or comment ID to execute arbitrary commands on the container backend. Ensure that all variables extracted from the user message envelope (such as `repository`, `repo`, `issueNumber`, and `trigger-comment-id`) are strictly validated against safe alphanumeric/regex patterns before being interpolated into shell commands. Alternatively, use safe APIs or SDKs instead of raw shell execution to interact with GitHub and Git. | LLM | SKILL.md:13 |
Scan History
Embed Code
[](https://skillshield.io/report/86e072e0b3ae09c4)
Powered by SkillShield