Security Audit

market-research-reports

github.com/davila7/claude-code-templates

AI SkillCommit 458b11867eae

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

market-research-reports received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 7 findings: 2 critical, 3 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous tool allowed: Bash, Dangerous call: subprocess.run().

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 11, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

61%

Static Code Analysis

40%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

4 findings

Dynamic Code

2 findings

Security Findings7

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	cli-tool/components/skills/scientific/market-research-reports/scripts/generate_market_visuals.py:375
CRITICAL	Command Injection via LaTeX Compilation The skill explicitly instructs the LLM to generate a LaTeX file (`v1_market_report.tex`) and then explicitly compiles it using `xelatex` and `bibtex` commands. LaTeX supports shell escape commands (e.g., `\write18{...}`). If the LLM is influenced by untrusted input to generate malicious LaTeX commands within the `.tex` file, these commands will be executed during the compilation process, leading to a critical command injection vulnerability. Implement strict sanitization or validation of any user-controlled input that influences the content generated into the LaTeX file. Consider disabling shell escape features in LaTeX compilation (e.g., by running `xelatex` with `--shell-escape=0`) if not strictly necessary, or running compilation in a highly sandboxed environment.	Static	SKILL.md:410
HIGH	Dangerous tool allowed: Bash The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints.	Static	cli-tool/components/skills/scientific/market-research-reports/SKILL.md:1
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'generate_visual'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	cli-tool/components/skills/scientific/market-research-reports/scripts/generate_market_visuals.py:375
HIGH	Prompt Injection into Downstream LLMs via User Input The `scripts/generate_market_visuals.py` script, which the skill explicitly instructs to use, takes a user-controlled `topic` argument. This `topic` is directly embedded into prompt templates that are then passed to other skills (`scientific-schematics`, `generate-image`). These downstream skills likely use LLMs for image or schematic generation. A malicious `topic` could contain prompt injection instructions, manipulating the behavior of these image generation LLMs to produce unintended or harmful outputs. Sanitize or validate the `topic` input to prevent prompt injection. Consider using a templating system that escapes user input or explicitly defining safe input patterns for the `topic` argument. Alternatively, ensure that the downstream LLMs are robust against prompt injection.	LLM	scripts/generate_market_visuals.py:50
MEDIUM	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	cli-tool/components/mcps/devtools/figma-dev-mode.json:4
LOW	Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	cli-tool/components/mcps/devtools/jfrog.json:4

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/19ec90428de08f26.svg)](https://skillshield.io/report/19ec90428de08f26)