Trust Assessment
commit-work received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 1 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Potential Command Injection via Repository Scripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Repository Scripts: The skill instructs the AI to "Run the repo's fastest meaningful check (unit tests, lint, or build)". This implies the AI should identify and execute commands defined within the user's repository (e.g., `npm test`, `make build`, `pytest`). If the repository contains malicious scripts (e.g., in `package.json`, `Makefile`, `pyproject.toml`), the AI could be coerced into executing arbitrary commands, leading to command injection. The skill does not specify any sanitization or sandboxing for these executions, relying on the AI's interpretation and execution capabilities. The skill should explicitly state that any execution of repository-defined scripts must be done within a strictly sandboxed environment, with explicit user confirmation, or by only allowing specific, safe commands. Alternatively, the AI should be instructed to *describe* the checks to the user rather than executing them directly. | Static | SKILL.md:49 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
| LOW | Exposure of Staged Changes via `git diff --cached`: The skill instructs the AI to include the output of `git diff --cached` in its deliverable. This command displays the full content of staged changes, which may include sensitive information such as secrets, API keys, PII, or proprietary code. While this is an intended function for a commit assistant to show the user what will be committed, if the AI's output is logged, stored, or transmitted to a backend service, this could lead to unintended data exposure or exfiltration to an unauthorized party. Implement robust data sanitization or redaction for sensitive information before displaying `git diff --cached` output, especially if AI outputs are logged or transmitted. Ensure the AI's operational environment prevents logging or transmission of sensitive user data. The skill could also instruct the AI to explicitly ask the user for confirmation before displaying potentially sensitive diffs. | Static | SKILL.md:55 |