Security Audit
dkyazzentwatwa/chatgpt-skills:language-detector
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:language-detector received a trust score of 34/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 3 high, 3 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via Unvalidated Input Path, Arbitrary File Write via Unvalidated Output Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Read via Unvalidated Input Path The script reads a CSV file specified by the `--file` argument directly from user input without any path validation or sanitization. An attacker could provide a path like `/etc/passwd` or `../../sensitive_data.csv` to read arbitrary files on the system, leading to data exfiltration. Implement robust path validation for `args.file`. Ensure the path is within an allowed directory, is not an absolute path outside the intended scope, and does not contain path traversal sequences (e.g., `..`). Consider using a dedicated temporary directory or restricting file access to specific, pre-defined locations. | Static | scripts/language_detector.py:130 | |
| HIGH | Arbitrary File Write via Unvalidated Output Path The script writes output (JSON or CSV) to a file path specified by the `--output` argument directly from user input without any path validation or sanitization. An attacker could provide a path like `/etc/shadow` or `../../important_config.json` to overwrite arbitrary files on the system, potentially leading to denial of service, privilege escalation, or system compromise. Implement robust path validation for `args.output`. Ensure the path is within an allowed directory, is not an absolute path outside the intended scope, and does not contain path traversal sequences (e.g., `..`). Consider using a dedicated temporary directory or restricting file creation to specific, pre-defined locations. If writing to a user-specified path is necessary, ensure the user has appropriate permissions and the path is safe. | Static | scripts/language_detector.py:120 | |
| HIGH | Arbitrary File Write via Unvalidated Output Path The script writes output (JSON or CSV) to a file path specified by the `--output` argument directly from user input without any path validation or sanitization. An attacker could provide a path like `/etc/shadow` or `../../important_config.json` to overwrite arbitrary files on the system, potentially leading to denial of service, privilege escalation, or system compromise. Implement robust path validation for `args.output`. Ensure the path is within an allowed directory, is not an absolute path outside the intended scope, and does not contain path traversal sequences (e.g., `..`). Consider using a dedicated temporary directory or restricting file creation to specific, pre-defined locations. If writing to a user-specified path is necessary, ensure the user has appropriate permissions and the path is safe. | Static | scripts/language_detector.py:140 | |
| MEDIUM | Unpinned Python dependency version Requirement 'langdetect>=1.0.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | language-detector/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | language-detector/scripts/requirements.txt:2 | |
| MEDIUM | Unpinned Dependencies in requirements.txt The `requirements.txt` file specifies dependencies (`langdetect`, `pandas`) using a minimum version (`>=`) rather than exact versions (`==`) or compatible release operators (`~=`). This can lead to supply chain risks where future, potentially vulnerable or breaking versions of these libraries are installed without explicit review, introducing instability or security flaws. Pin dependencies to exact versions (e.g., `langdetect==1.0.9`) or use compatible release operators (e.g., `langdetect~=1.0.9`) to ensure consistent and secure builds. Regularly review and update pinned dependencies to incorporate security patches. | Static | scripts/requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/cd2e54ac9266be44)
Powered by SkillShield