Security Audit
dkyazzentwatwa/chatgpt-skills:invoice-generator
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:invoice-generator received a trust score of 26/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 4 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Path Traversal and Arbitrary File Read via CSV Input, Path Traversal and Arbitrary File Read via Logo Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Path Traversal and Arbitrary File Read via CSV Input The `from_csv` method directly uses a user-provided `filepath` to open and read a CSV file without proper sanitization or path validation. An attacker can supply a path like `../../../../etc/passwd` to read arbitrary files from the system, leading to data exfiltration. Sanitize the `filepath` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed directory (e.g., a temporary directory or a designated input folder). Reject paths that attempt to escape this boundary. | Static | scripts/invoice_gen.py:300 | |
| HIGH | Path Traversal and Arbitrary File Read via Logo Input The `set_logo` method stores a user-provided `logo_path` which is later directly used by `PIL.Image.open()` and `reportlab.platypus.Image` without proper sanitization or path validation. An attacker can supply a path like `../../../../etc/passwd` to attempt to read arbitrary files from the system. While `PIL.Image.open` might fail on non-image files, the attempt to access arbitrary paths is a significant security risk. Sanitize the `logo_path` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed directory (e.g., a temporary directory or a designated asset folder). Reject paths that attempt to escape this boundary. | Static | scripts/invoice_gen.py:367 | |
| HIGH | Path Traversal and Arbitrary File Write via Output Filename The `save` method directly uses a user-provided `filename` to write the generated PDF without proper sanitization or path validation. An attacker can supply a path like `../../../../tmp/malicious.pdf` to write files to arbitrary locations on the filesystem, potentially overwriting critical system files or placing malicious content. Sanitize the `filename` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed output directory. Reject paths that attempt to escape this boundary. Consider using `pathlib.Path.resolve()` and checking against a base directory. | Static | scripts/invoice_gen.py:477 | |
| HIGH | Path Traversal and Arbitrary File Write via Batch Output Directory The `batch_generate` method constructs output file paths using a user-provided `output_dir` without proper sanitization or path validation. An attacker can supply a path like `../../../../tmp` for `output_dir` to write generated invoices to arbitrary locations on the filesystem, potentially overwriting critical system files or placing malicious content. Sanitize the `output_dir` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed output directory. Reject paths that attempt to escape this boundary. Consider using `pathlib.Path.resolve()` and checking against a base directory. | Static | scripts/invoice_gen.py:501 | |
| MEDIUM | Unpinned Python dependency version Requirement 'reportlab>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | invoice-generator/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'Pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | invoice-generator/scripts/requirements.txt:2 |
Scan History
Embed Code
[](https://skillshield.io/report/523232649f78108c)
Powered by SkillShield