Security Audit
dkyazzentwatwa/chatgpt-skills:data-type-converter
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:data-type-converter received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 1 high, 4 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via load() and convert(), Arbitrary File Write via save() and convert().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Write via save() and convert() | The `save()` method, and consequently the `convert()` method, allow writing converted data to any file path provided as `filepath` or `output_path`. If these paths are derived directly from untrusted user input, a malicious actor could instruct the agent to write to sensitive system locations (e.g., `/etc/crontab`, `~/.bashrc`, web server configuration files, or executable scripts in common PATH directories), potentially leading to arbitrary code execution, privilege escalation, or denial of service. Implement strict path validation to ensure `output_path` is within an allowed, sandboxed directory. Prevent path traversal (`../`). Consider using a dedicated temporary directory for all input/output operations. | LLM | scripts/data_converter.py:120 |
| CRITICAL | Arbitrary Directory Traversal and Batch File Operations | The `batch_convert()` method allows specifying arbitrary `input_dir` and `output_dir` paths. It then uses `input_dir_path.glob('**/*')` to iterate through all files and subdirectories within the `input_dir`. This allows a malicious actor to read all files from an arbitrary directory (Data Exfiltration) and write converted versions to another arbitrary directory (Command Injection/Data Exfiltration). This grants excessive filesystem permissions to the skill if the directories are user-controlled. Implement strict path validation for `input_dir` and `output_dir` to ensure they are within an allowed, sandboxed directory. Prevent path traversal (`../`). Limit the scope of `glob` if possible, or ensure the `input_dir` is always a temporary, isolated directory. | LLM | scripts/data_converter.py:204 |
| HIGH | Arbitrary File Read via load() and convert() | The `load()` method, and consequently the `convert()` method, allow reading content from any file path provided as `filepath` or `input_path`. If these paths are derived directly from untrusted user input, a malicious actor could instruct the agent to read sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, configuration files) from the system where the skill is executed, leading to data exfiltration. Implement strict path validation to ensure `input_path` is within an allowed, sandboxed directory. Prevent path traversal (`../`). Consider using a dedicated temporary directory for all input/output operations if the skill's purpose is not to interact with arbitrary user files. | LLM | scripts/data_converter.py:46 |
| MEDIUM | Unpinned Python dependency version | Requirement 'pyyaml>=6.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | data-type-converter/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version | Requirement 'toml>=0.10.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | data-type-converter/scripts/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version | Requirement 'xmltodict>=0.13.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | data-type-converter/scripts/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version | Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | data-type-converter/scripts/requirements.txt:4 |
| INFO | Loose Dependency Versioning | The `requirements.txt` specifies dependencies using `>=` (e.g., `pyyaml>=6.0`). While this ensures a minimum version, it allows for automatic updates to newer versions without explicit review. This could potentially introduce breaking changes or new vulnerabilities if a future version of a dependency contains a flaw. For production environments, exact pinning (`==`) is generally recommended for better reproducibility and security control. Consider pinning dependencies to exact versions (e.g., `pyyaml==6.0.1`) to ensure reproducible builds and prevent unexpected updates that might introduce vulnerabilities or breaking changes. Regularly review and update pinned dependencies. | LLM | scripts/requirements.txt:1 |