Trust Assessment
content-creator received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, and Potential Data Exfiltration via Path Traversal in Script Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Data Exfiltration via Path Traversal in Script Input: The skill instructs the LLM to execute Python scripts (`scripts/brand_voice_analyzer.py` and `scripts/seo_optimizer.py`) with a user-controlled file path as a command-line argument. Although the provided Python snippets show analysis functions taking string content, the usage examples in `SKILL.md` imply that the scripts' main entry points will read files directly from the provided paths. If the scripts do not sanitize or validate these file paths (e.g., by resolving to an absolute path and checking against an allowed directory), an attacker could provide a path traversal sequence (e.g., `../../../../etc/passwd`) to read arbitrary files on the host system. The content of these files would then be processed by the scripts and included in their output (e.g., word count, keyword density, readability score), leading to data exfiltration. Modify the Python scripts to either: 1) Have the LLM read the file content and pass it as a string argument to the Python function, rather than passing a file path. 2) If file paths must be accepted, implement robust path sanitization and validation within the scripts' main function. This includes resolving the path to its absolute form and ensuring it resides within an explicitly allowed, non-sensitive directory. Avoid directly opening user-supplied paths without such checks. | Static | SKILL.md:40 |
| HIGH | Potential Data Exfiltration via Path Traversal in Script Input: The skill instructs the LLM to execute Python scripts (`scripts/brand_voice_analyzer.py` and `scripts/seo_optimizer.py`) with a user-controlled file path as a command-line argument. Although the provided Python snippets show analysis functions taking string content, the usage examples in `SKILL.md` imply that the scripts' main entry points will read files directly from the provided paths. If the scripts do not sanitize or validate these file paths (e.g., by resolving to an absolute path and checking against an allowed directory), an attacker could provide a path traversal sequence (e.g., `../../../../etc/passwd`) to read arbitrary files on the host system. The content of these files would then be processed by the scripts and included in their output (e.g., word count, keyword density, readability score), leading to data exfiltration. Modify the Python scripts to either: 1) Have the LLM read the file content and pass it as a string argument to the Python function, rather than passing a file path. 2) If file paths must be accepted, implement robust path sanitization and validation within the scripts' main function. This includes resolving the path to its absolute form and ensuring it resides within an explicitly allowed, non-sensitive directory. Avoid directly opening user-supplied paths without such checks. | Static | SKILL.md:79 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |