Trust Assessment
latex-posters received a trust score of 45/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Dangerous tool allowed: Bash", "Network egress to untrusted endpoints", and "Covert behavior / concealment directives".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via User Input in Bash Command.** The skill explicitly instructs the LLM to use user-provided natural language descriptions to generate schematics. The provided example command `python scripts/generate_schematic.py "your diagram description" -o figures/output.png` demonstrates how this input would be incorporated into a shell command. If the LLM replaces `"your diagram description"` with untrusted user input without proper sanitization or escaping, it could lead to command injection, allowing arbitrary shell commands to be executed. The `Bash` tool is declared in the manifest, enabling such execution. Implement robust input sanitization and escaping for any user-provided text inserted into shell commands. Specifically, ensure that the 'your diagram description' placeholder is replaced with properly escaped user input to prevent shell metacharacters from being interpreted as commands. Consider using a safer method for passing arguments, such as environment variables or temporary files, or strictly validating input against an allow-list if possible. The agent should be explicitly instructed on how to safely handle user input when constructing shell commands. | Static | SKILL.md:46 |
| HIGH | **Dangerous tool allowed: Bash.** The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | cli-tool/components/skills/scientific/pptx-posters/SKILL.md:1 |
| MEDIUM | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | **Covert behavior / concealment directives.** Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |