Trust Assessment
pdf received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 0 high, 5 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, and Arbitrary File Write to User-Controlled Directory (Image Output).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Arbitrary File Write to User-Controlled Directory (Image Output). The `convert_pdf_to_images.py` script allows writing converted image files to an arbitrary output directory specified by `sys.argv[2]`. An attacker could specify a sensitive system directory (e.g., `/tmp`, `/var/www/html`, or even `/etc` if permissions allow) to write files, potentially overwriting existing files or filling up disk space, leading to denial of service or other system compromise. Restrict the output directory to a designated, sandboxed location (e.g., a temporary directory within the agent's workspace) rather than allowing an arbitrary user-provided path. Implement checks to ensure the path is within an allowed scope. | LLM | scripts/convert_pdf_to_images.py:23 |
| MEDIUM | Arbitrary File Write to User-Controlled Path (JSON Output). The `extract_form_field_info.py` script writes extracted form field information to a JSON file at a path specified by `sys.argv[2]`. An attacker could specify a sensitive system path to write this JSON, potentially overwriting critical files or filling up disk space, leading to denial of service or other system compromise. Restrict the output path to a designated, sandboxed location (e.g., a temporary directory within the agent's workspace) rather than allowing an arbitrary user-provided path. Implement checks to ensure the path is within an allowed scope. | LLM | scripts/extract_form_field_info.py:147 |
| MEDIUM | Arbitrary File Write to User-Controlled Path (PDF Output). The `fill_fillable_fields.py` and `fill_pdf_form_with_annotations.py` scripts write modified PDF files to paths specified by command-line arguments (`sys.argv[3]`). An attacker could specify a sensitive system path to write these PDFs, potentially overwriting critical files or filling up disk space, leading to denial of service or other system compromise. Restrict the output path to a designated, sandboxed location (e.g., a temporary directory within the agent's workspace) rather than allowing an arbitrary user-provided path. Implement checks to ensure the path is within an allowed scope. | LLM | scripts/fill_fillable_fields.py:50 |
| MEDIUM | Arbitrary File Write to User-Controlled Path (Image Output). The `create_validation_image.py` script writes a validation image to a path specified by `sys.argv[4]`. An attacker could specify a sensitive system path to write this image, potentially overwriting critical files or filling up disk space, leading to denial of service or other system compromise. Restrict the output path to a designated, sandboxed location (e.g., a temporary directory within the agent's workspace) rather than allowing an arbitrary user-provided path. Implement checks to ensure the path is within an allowed scope. | LLM | scripts/create_validation_image.py:27 |
| LOW | Covert behavior / concealment directives. Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |