Trust Assessment
model-merging received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Skill instructs direct shell command execution" and "Unpinned dependencies in installation instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs direct shell command execution.** The skill document contains explicit instructions for executing shell commands such as `git clone`, `pip install`, `mergekit-yaml`, and `python` scripts. An AI agent following these instructions would perform direct shell execution. If the agent allows untrusted user input to influence the arguments of these commands (e.g., model paths in `config.yml`, target directories, or script arguments), it could lead to command injection, arbitrary code execution, or file system manipulation. AI agents should sanitize all user-provided inputs before constructing and executing shell commands. Consider using safer alternatives to direct shell execution where possible, or implement a strict allowlist for commands and arguments. For `mergekit-yaml`, ensure `config.yml` is generated from trusted sources or validated rigorously. | LLM | SKILL.md:29 |
| HIGH | **Unpinned dependencies in installation instructions.** The skill instructs the installation of dependencies without specifying exact versions. This includes `git clone https://github.com/arcee-ai/mergekit.git` (which clones the latest `main` branch), `pip install mergekit`, and `pip install transformers torch`. Installing unpinned dependencies can lead to supply chain vulnerabilities, as future versions of these packages could introduce breaking changes, security flaws, or even malicious code if the upstream repositories are compromised. Pin all dependencies to specific versions (e.g., `git clone --branch v1.0.0 ...`, `pip install mergekit==1.2.3`, `pip install transformers==4.30.0 torch==2.0.0`). Regularly audit and update pinned dependencies. | LLM | SKILL.md:29 |
Full report: https://skillshield.io/report/4b72a670c58a396a