Security Audit
dkyazzentwatwa/chatgpt-skills:json-schema-validator
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:json-schema-validator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include an unpinned Python dependency version, arbitrary file read (data exfiltration), and arbitrary file write (excessive permissions).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Arbitrary file read (Data Exfiltration) | The skill's `validate_file` and `validate_batch` methods, as well as the CLI arguments `--data`, `--schema`, `--generate`, and `--data-dir`, allow reading arbitrary files from the filesystem. An attacker could provide paths to sensitive files (e.g., `/etc/passwd`, `.env` files, API keys, other skill files) to exfiltrate their content. Even if the file is not valid JSON, error messages might reveal partial content or confirm file existence. If the file contains valid JSON, its entire content would be loaded and potentially exposed. | Restrict file access to a designated, sandboxed directory. Do not allow arbitrary file paths from untrusted input. If file access is necessary, implement strict path validation (e.g., ensure paths are within a specific subdirectory, disallow `..` or absolute paths outside the sandbox) and ensure the agent's execution environment has minimal necessary file permissions. | LLM | scripts/json_validator.py:107 |
| HIGH | Arbitrary file write (Excessive Permissions) | The skill's CLI argument `--output` (used with `--generate`) allows writing the generated JSON schema to an arbitrary file path on the filesystem. An attacker could provide a path to a sensitive system file (e.g., configuration files, startup scripts) to overwrite it with attacker-controlled JSON content. This could lead to denial of service, privilege escalation, or other system compromise. | Restrict file write access to a designated, sandboxed directory. Do not allow arbitrary file paths for output from untrusted input. Implement strict path validation (e.g., ensure paths are within a specific subdirectory, disallow `..` or absolute paths outside the sandbox) and ensure the agent's execution environment has minimal necessary file permissions. | LLM | scripts/json_validator.py:261 |
| MEDIUM | Unpinned Python dependency version | Requirement `jsonschema>=4.20.0` is not pinned to an exact version. | Pin Python dependencies with `==<exact version>`. | Dependencies | json-schema-validator/scripts/requirements.txt:1 |
Full report: https://skillshield.io/report/bd9e0b9cac8bbfe1
Powered by SkillShield