Trust Assessment
qa-test-planner received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 1 high, 4 medium, and 1 low severity. Key findings include Sensitive environment variable access: $USER, Network egress to untrusted endpoints, Covert behavior / concealment directives.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 19/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via `eval` with Untrusted Input The `prompt_input` function in both shell scripts uses `eval "$var_name=\"$input\""` to assign user-provided input to variables. This is a critical command injection vulnerability. If a user provides input containing shell metacharacters (e.g., `;`, `&`, `|`, `$(...)`), these commands will be executed with the privileges of the script. For example, entering `My Title; rm -rf /` when prompted for a title would execute `rm -rf /`. Replace `eval "$var_name=\"$input\""` with a safe assignment method. For Bash, `printf -v "$var_name" "%s" "$input"` is a secure alternative that assigns the string value without executing it. Alternatively, refactor the `prompt_input` function to return the input value and assign it directly in the calling code. | Static | scripts/create_bug_report.sh:28 | |
| CRITICAL | Command Injection via `eval` with Untrusted Input The `prompt_input` function in both shell scripts uses `eval "$var_name=\"$input\""` to assign user-provided input to variables. This is a critical command injection vulnerability. If a user provides input containing shell metacharacters (e.g., `;`, `&`, `|`, `$(...)`), these commands will be executed with the privileges of the script. For example, entering `My Title; rm -rf /` when prompted for a title would execute `rm -rf /`. Replace `eval "$var_name=\"$input\""` with a safe assignment method. For Bash, `printf -v "$var_name" "%s" "$input"` is a secure alternative that assigns the string value without executing it. Alternatively, refactor the `prompt_input` function to return the input value and assign it directly in the calling code. | Static | scripts/generate_test_cases.sh:28 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 2 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | LLM | (sanity check) | |
| MEDIUM | Sensitive environment variable access: $USER Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | cli-tool/components/skills/ai-research/qa-test-planner/scripts/create_bug_report.sh:215 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Arbitrary File Write via Directory Traversal Both `create_bug_report.sh` and `generate_test_cases.sh` allow the first command-line argument (`$1`) to specify the `OUTPUT_DIR`. If a malicious user provides a path like `../../../../tmp` or `/etc`, the script will attempt to write the generated markdown file to an arbitrary location on the filesystem. This could lead to overwriting critical system files, placing malicious scripts in sensitive directories, or filling up disk space. Sanitize or validate the `OUTPUT_DIR` variable to ensure it remains within an allowed, restricted directory (e.g., a subdirectory of the script's location or a user's home directory). Prevent directory traversal sequences like `..` or absolute paths. A common approach is to resolve the path to its canonical form and check if it's a child of an allowed base directory. | Static | scripts/create_bug_report.sh:160 | |
| MEDIUM | Arbitrary File Write via Directory Traversal Both `create_bug_report.sh` and `generate_test_cases.sh` allow the first command-line argument (`$1`) to specify the `OUTPUT_DIR`. If a malicious user provides a path like `../../../../tmp` or `/etc`, the script will attempt to write the generated markdown file to an arbitrary location on the filesystem. This could lead to overwriting critical system files, placing malicious scripts in sensitive directories, or filling up disk space. Sanitize or validate the `OUTPUT_DIR` variable to ensure it remains within an allowed, restricted directory (e.g., a subdirectory of the script's location or a user's home directory). Prevent directory traversal sequences like `..` or absolute paths. A common approach is to resolve the path to its canonical form and check if it's a child of an allowed base directory. | Static | scripts/generate_test_cases.sh:160 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/b974a8cea9aaae6a)
Powered by SkillShield