Security Audit
dkyazzentwatwa/chatgpt-skills:keyword-extractor
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:keyword-extractor received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 2 high, 5 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via User-Controlled Path, and Arbitrary File Write via User-Controlled Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Dependency Graph layer scored lowest at 65/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read via User-Controlled Path: The skill allows reading arbitrary files from the file system based on user-provided paths. The `extract_from_file` method and the CLI arguments `--input` and `--stopwords` use user input directly as file paths without validation or sandboxing. This could lead to data exfiltration if an attacker specifies paths to sensitive system files or user data. Implement strict path validation to ensure file access is restricted to an allowed sandbox directory. Disallow absolute paths or paths containing '..'. If file access is essential, ensure the agent environment provides robust sandboxing or requires explicit user consent for file operations. | Static | scripts/keyword_extractor.py:130 |
| HIGH | Arbitrary File Write via User-Controlled Path: The skill allows writing files to arbitrary locations on the file system based on user-provided paths. Methods like `to_wordcloud`, `plot_keywords`, `to_json`, `to_csv`, and `to_text`, as well as the CLI arguments `--output` and `--wordcloud`, use user input directly as output file paths. An attacker could exploit this to overwrite critical system files, or write sensitive extracted data to publicly accessible locations, leading to data exfiltration or system compromise. Implement strict path validation to ensure file writes are restricted to an allowed sandbox directory. Disallow absolute paths or paths containing '..'. If file writing is essential, ensure the agent environment provides robust sandboxing or requires explicit user consent for file operations. | Static | scripts/keyword_extractor.py:204 |
| MEDIUM | Unpinned Python dependency version: Requirement 'scikit-learn>=1.2.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | keyword-extractor/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version: Requirement 'nltk>=3.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | keyword-extractor/scripts/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version: Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | keyword-extractor/scripts/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version: Requirement 'matplotlib>=3.7.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | keyword-extractor/scripts/requirements.txt:4 |
| MEDIUM | Unpinned Python dependency version: Requirement 'wordcloud>=1.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | keyword-extractor/scripts/requirements.txt:5 |