Security Audit
dkyazzentwatwa/chatgpt-skills:contract-generator
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:contract-generator received a trust score of 38/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Write via User-Controlled Paths, Arbitrary File Read via User-Controlled Input Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Write via User-Controlled Paths.** The skill allows users to specify arbitrary file paths for output documents and output directories. In single generation mode, the `--output` argument is directly used to save the generated DOCX. In batch generation mode, the `--output-dir` argument is used to create directories, and the `output_filename` (potentially from the input CSV) is joined with `output_dir`. This design enables an attacker to use path traversal sequences (e.g., `../`) to write files to any location on the filesystem accessible by the skill's process, potentially overwriting critical system files or user data. For example, an attacker could specify `--output ../../../etc/passwd` to attempt to overwrite the password file. Implement strict path validation to ensure all output paths are confined to a designated, non-sensitive output directory. Disallow path traversal sequences (`../`) in user-provided paths. For `output_filename` read from CSV, sanitize it to prevent path traversal before joining with `output_dir`. | Static | scripts/contract_generator.py:90 |
| HIGH | **Arbitrary File Read via User-Controlled Input Paths.** The skill accepts user-provided file paths for templates (`--template`), variable JSON files (`--vars`), and CSV files (`--csv`). These paths are directly used by `docx.Document()`, `pandas.read_csv()`, and `json.load()` respectively, without validation to restrict access to specific directories. This allows the skill to read arbitrary files from the filesystem accessible by the skill's process. An attacker could instruct the LLM to use this capability to read sensitive files (e.g., `/etc/passwd`, configuration files, private keys) and potentially exfiltrate their content if the LLM is prompted to summarize or return the data. Implement strict path validation to ensure all input file paths are confined to a designated, non-sensitive input directory. Disallow path traversal sequences (`../`) in user-provided paths. If possible, run the skill in a sandboxed environment with minimal file system access. | Static | scripts/contract_generator.py:20 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'python-docx>=0.8.11' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | contract-generator/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | contract-generator/scripts/requirements.txt:2 |
| LOW | **Unpinned Dependencies in requirements.txt.** The `requirements.txt` file specifies minimum versions for `python-docx` and `pandas` (e.g., `>=0.8.11`). This allows newer versions of these libraries to be installed automatically. While generally functional, it introduces a supply chain risk as future versions might introduce vulnerabilities, breaking changes, or unexpected behavior without explicit review. Best practice for security and reproducibility is to pin exact versions (`==X.Y.Z`). Pin exact versions for all dependencies in `requirements.txt` (e.g., `python-docx==0.8.11`). Regularly review and update these pinned versions to incorporate security patches and new features. | Static | scripts/requirements.txt:1 |