Security Audit
finishing-a-development-branch
github.com/coctostan/pi-superpowersTrust Assessment
finishing-a-development-branch received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via PR Title, Potential Command Injection via Base Branch Name, Potential Command Injection via Dynamic Test Command.
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The static_code_analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 6d52fe32). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via PR Title The skill instructs the agent to create a GitHub Pull Request using `gh pr create --title "<title>"`. If the `<title>` placeholder is populated with unsanitized user input or untrusted data, it could lead to command injection. Malicious input in the title (e.g., containing `"` followed by shell metacharacters) could break out of the double quotes and execute arbitrary commands. Ensure that any user-provided or untrusted input used to populate the `<title>` placeholder is properly sanitized and escaped for shell execution. Specifically, escape double quotes and other shell metacharacters, or consider using a safer method for passing the title if the `gh` CLI supports it (e.g., via a file or environment variable). | Unknown | SKILL.md:90 | |
| HIGH | Potential Command Injection via Base Branch Name The skill instructs the agent to perform `git checkout <base-branch>` and `git merge <feature-branch>`. The `<base-branch>` is determined by `git merge-base` or by asking the user. If the agent asks the user for the base branch name and directly interpolates the unsanitized user input into the `git checkout` command, it could lead to command injection. A malicious branch name (e.g., `"; rm -rf /; #`) could execute arbitrary commands. When determining the `<base-branch>`, especially if involving user input, validate and sanitize the input to ensure it only contains valid branch name characters. Avoid direct interpolation of untrusted input into shell commands. If user input is necessary, ensure it is properly escaped or validated against a strict regex for branch names. | Unknown | SKILL.md:69 | |
| MEDIUM | Potential Command Injection via Dynamic Test Command The skill instructs the agent to run a project's test suite using a placeholder `<test command>`. While examples like `npm test` are given, the skill does not specify how the agent should determine the exact command. If the agent were to ask the user for the test command or derive it from an untrusted configuration file without proper sanitization, it could lead to command injection. Provide explicit instructions on how the agent should determine the test command (e.g., by parsing a specific, trusted configuration file, or by offering a predefined set of safe options). If user input is ever used for the test command, it must be strictly validated and sanitized to prevent arbitrary command execution. | Unknown | SKILL.md:37 |
Scan History
Embed Code
[](https://skillshield.io/report/8b326d0a5047aaad)
Powered by SkillShield