Security Audit
invoice-organizer
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
invoice-organizer received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized Filenames/Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via Unsanitized Filenames/Paths.** The skill instructs the agent to execute shell commands (`mkdir`, `cp`, `mv`) where arguments, such as directory names and filenames, are constructed from extracted invoice details (vendor, product description, date). These details originate from untrusted sources (invoice content, user input). If these extracted strings are not rigorously shell-escaped before being passed to these commands, a malicious string (e.g., 'VendorName; rm -rf /') could lead to arbitrary command execution on the host system. While the skill includes an instruction to 'Remove special characters except hyphens' for filenames, this is a guideline for the LLM and not an enforced security mechanism, making it vulnerable to LLM errors or sophisticated bypass attempts. The agent must implement robust shell escaping for all variables derived from untrusted input (invoice content, user prompts) before using them in shell commands. This typically involves using a dedicated shell-escaping function (e.g., `shlex.quote()` in Python) to ensure that special characters are properly neutralized. The skill definition should explicitly state that all dynamic parts of shell commands *must* be shell-escaped by the agent. | LLM | SKILL.md:170 |