Security Audit
dkyazzentwatwa/chatgpt-skills:geo-visualizer
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:geo-visualizer received a trust score of 44/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 4 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read (Data Exfiltration), Arbitrary File Write (Data Exfiltration).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read (Data Exfiltration): The skill allows reading arbitrary CSV and GeoJSON files from the local filesystem. The `from_csv`, `from_geojson`, and `add_choropleth` methods accept a `filepath` or `geojson` argument that is directly used to open and read files. An attacker could specify paths to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to exfiltrate their content, potentially by embedding it into the generated map HTML or causing error messages that reveal content. Implement strict input validation for all file paths. Restrict file access to a designated, sandboxed directory. Prevent directory traversal by sanitizing `filepath` arguments (e.g., using `os.path.abspath` and checking if the path is within an allowed directory). Do not allow reading of arbitrary files outside the skill's intended scope. | LLM | scripts/geo_visualizer.py:95 |
| HIGH | Arbitrary File Write (Data Exfiltration): The `save` method allows writing the generated HTML map to an arbitrary file path on the local filesystem. An attacker could specify a path to overwrite critical system files or write to publicly accessible directories, potentially leading to data corruption, denial of service, or further data exfiltration if the written file is then served. Implement strict input validation for the `filepath` argument in the `save` method. Restrict file writing to a designated, sandboxed output directory. Prevent directory traversal by sanitizing `filepath` arguments. | LLM | scripts/geo_visualizer.py:321 |
| HIGH | Server-Side Request Forgery (SSRF) via GeoJSON URL: The `add_choropleth` method's `geojson` argument can accept a URL, which `folium` will then attempt to fetch. This allows an attacker to instruct the skill to make requests to arbitrary URLs, including internal network resources or other external services. This could bypass firewalls, access sensitive internal APIs, or perform port scanning. Validate the `geojson` argument to ensure it is either a local file path within a sandboxed directory or a URL from a trusted, pre-approved list of domains. Block arbitrary URLs and prevent fetching from internal IP addresses or non-HTTP/HTTPS schemes. | LLM | scripts/geo_visualizer.py:281 |
| MEDIUM | Unpinned Python dependency version: Requirement 'folium>=0.14.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | geo-visualizer/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version: Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | geo-visualizer/scripts/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version: Requirement 'branca>=0.6.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | geo-visualizer/scripts/requirements.txt:3 |
| MEDIUM | Cross-Site Scripting (XSS) via HTML Popup Content: The `add_marker` and `add_markers` methods explicitly accept HTML content for the `popup` argument. If untrusted input is used to generate this HTML, and the resulting map is viewed in a web browser, it could lead to Cross-Site Scripting (XSS). An attacker could inject malicious scripts that execute in the user's browser when the popup is displayed. Sanitize any user-provided HTML content for `popup` arguments using a robust HTML sanitization library (e.g., `bleach`) before passing it to `folium`. Alternatively, explicitly warn users that `popup` content should be trusted or properly escaped if it originates from untrusted sources. | LLM | scripts/geo_visualizer.py:190 |