Security Audit
daily-meeting-update
github.com/davila7/claude-code-templatesTrust Assessment
daily-meeting-update received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Potential Command Injection via User-Provided Repository Names.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via User-Provided Repository Names The skill's workflow describes asking the user to 'list the repos' for GitHub/Git activity. If this user-provided list of repository names is directly interpolated into a shell command (e.g., `git log --repo <user_input>`), it could lead to command injection. An attacker could provide malicious input like `'my-repo; rm -rf /'` to execute arbitrary commands on the host system. All user-provided input that will be used in shell commands must be rigorously sanitized or validated. Prefer using API calls or libraries with parameterized inputs over direct shell command interpolation. If shell execution is unavoidable, ensure all user input is properly escaped or quoted to prevent command injection. | Static | SKILL.md:78 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Broad Access to Sensitive Claude Code Session History The skill explicitly states its intention to 'pull your Claude Code session history from yesterday' by accessing files within the `~/.claude/projects` directory. This directory contains sensitive user data, including conversation history, project paths, files touched, and commands executed during past Claude Code sessions. While the skill requests user consent before accessing this data and allows the user to select relevant items, the initial access scope is broad and involves highly sensitive personal and project-related information. The `claude_digest.py` script is designed to read and process this data. Clearly document the full scope and nature of the sensitive data accessed from `~/.claude/projects`. Ensure that only strictly necessary data points are extracted and processed, and that the LLM's handling of this data is secure to prevent accidental leakage. Implement robust data minimization practices. Consider more granular permissions or user controls if possible to limit which specific parts of the session history are accessed. | Static | SKILL.md:109 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/36f23b42515b7441)
Powered by SkillShield