Trust Assessment
ship-learn-next received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, covert behavior / concealment directives, and path traversal in the generated filename for saving the plan.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Path Traversal in generated filename for saving plan | The skill instructs the host LLM to save the generated plan to a file using a filename convention that includes a user-derived 'Brief Quest Title'. If this title is not properly sanitized, a malicious user could inject path traversal sequences (e.g., `../`, `/`) to write the plan to an arbitrary location on the filesystem, potentially overwriting sensitive files or writing to directories outside the intended scope. | Implement strict sanitization and validation for the `[Brief Quest Title]` to ensure it only contains safe characters and does not include path separators or absolute path indicators. The LLM should be explicitly instructed to sanitize this part of the filename before using the `Write` tool. Alternatively, restrict the `Write` tool to a specific, sandboxed directory. | LLM | SKILL.md:207 |
| MEDIUM | Network egress to untrusted endpoints | HTTP request to raw IP address. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Broad file read permission without scope limitation | The skill declares `Read` permission and instructs the host LLM to 'Read the file the user provides'. This implies the LLM can read any file path provided by the user. Without explicit constraints on the file paths (e.g., restricting to a specific directory, file types, or requiring user confirmation for sensitive paths), a malicious user could instruct the LLM to read sensitive system files (e.g., `/etc/passwd`, `.env` files, private keys), potentially leading to data exfiltration or system information disclosure. While the skill's purpose is to process learning content, the broad `Read` instruction creates a vulnerability. | Instruct the LLM to validate user-provided file paths, ensuring they are within an allowed directory (e.g., a user's workspace or a designated input folder) and do not point to sensitive system locations. Implement explicit checks for path traversal attempts. Consider requiring user confirmation for reading files outside a predefined safe zone. | LLM | SKILL.md:52 |
| LOW | Covert behavior / concealment directives | Multiple zero-width characters (stealth text). | Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |