Security Audit
dkyazzentwatwa/chatgpt-skills:feature-engineering-kit
github.com/dkyazzentwatwa/chatgpt-skills

Trust Assessment
dkyazzentwatwa/chatgpt-skills:feature-engineering-kit received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 3 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via User Input, Arbitrary File Write via User Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via User Input.** The skill reads data from a file path provided directly by the user via the `--data` command-line argument. An attacker could potentially supply a path to a sensitive file on the host system (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) or an external URL, leading to data exfiltration or unintended access to local resources. This grants the skill excessive permissions to read arbitrary files. Implement strict validation and sanitization of file paths provided by user input. Consider restricting file operations to a designated, sandboxed directory. If reading from arbitrary paths is necessary, ensure the execution environment is isolated and has minimal permissions. For local files, consider using a file picker or explicit user confirmation for sensitive paths. | LLM | scripts/feature_engineering.py:80 |
| HIGH | **Arbitrary File Write via User Input.** The skill writes processed data to a file path provided directly by the user via the `--output` command-line argument. An attacker could potentially supply a path to a sensitive system file (e.g., `/etc/cron.d/malicious_job`, `/dev/null`) or overwrite important files, leading to denial of service, system compromise, or unintended data corruption. This grants the skill excessive permissions to write to arbitrary files. Implement strict validation and sanitization of file paths provided by user input. Consider restricting file operations to a designated, sandboxed directory. If writing to arbitrary paths is necessary, ensure the execution environment is isolated and has minimal permissions. For local files, consider using a file picker or explicit user confirmation for sensitive paths. | LLM | scripts/feature_engineering.py:95 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `scikit-learn>=1.3.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | feature-engineering-kit/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `pandas>=2.0.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | feature-engineering-kit/scripts/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `numpy>=1.24.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | feature-engineering-kit/scripts/requirements.txt:3 |
| LOW | **Unpinned Dependencies in requirements.txt.** The `requirements.txt` file specifies dependencies using minimum versions (e.g., `pandas>=2.0.0`) rather than exact versions. This can lead to non-deterministic builds and introduces a supply chain risk, as future, potentially vulnerable or incompatible, versions of these packages could be installed without explicit review. While not an immediate exploit, it increases the attack surface over time. Pin all dependencies to exact versions (e.g., `pandas==2.0.0`). Use a dependency lock file (e.g., `poetry.lock`, `Pipfile.lock`) or `pip freeze > requirements.txt` after verifying all dependencies to ensure reproducible and secure installations. | LLM | scripts/requirements.txt:1 |
Powered by SkillShield. Full report: https://skillshield.io/report/f9af9e9492382b5a