Security Audit
dkyazzentwatwa/chatgpt-skills:markdown-content-formatter
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:markdown-content-formatter received a trust score of 39/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 0 high, 4 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read and Write, Unused Dependency in requirements.txt.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read and Write The skill allows reading arbitrary files from the filesystem via the `file_path` parameter in the `MarkdownFormatter` constructor and writing arbitrary content to arbitrary paths via the `output_path` parameter in the `export` method. Both parameters are directly exposed as command-line arguments (`--input` and `--output`). An attacker could exploit this to read sensitive files (e.g., `/etc/passwd`, environment variables, SSH keys) and then write their content to a location accessible to the attacker, or overwrite critical system files. Restrict file access to a designated, sandboxed directory. Implement strict input validation for `file_path` and `output_path` to prevent directory traversal (e.g., `../`) and ensure paths are within an allowed scope. Consider using a virtual filesystem or a dedicated temporary directory for all file operations. If the skill is intended to operate on user-provided files, ensure the agent environment enforces strict isolation and permission controls. | Static | scripts/markdown_formatter.py:50 | |
| MEDIUM | Unpinned Python dependency version Requirement 'markdown>=3.5.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | markdown-content-formatter/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pyyaml>=6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | markdown-content-formatter/scripts/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'beautifulsoup4>=4.12.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | markdown-content-formatter/scripts/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | markdown-content-formatter/scripts/requirements.txt:4 | |
| LOW | Unused Dependency in requirements.txt The `pandas` library is listed in `scripts/requirements.txt` but is not imported or used anywhere in `scripts/markdown_formatter.py`. Including unused dependencies increases the attack surface, adds unnecessary bloat, and can introduce potential vulnerabilities if the unused library itself has security flaws. Remove `pandas>=2.0.0` from `scripts/requirements.txt` as it is not used by the skill. Regularly review dependencies to ensure only necessary packages are included. | Static | scripts/requirements.txt:4 |
Scan History
Embed Code
[](https://skillshield.io/report/e49603b6ce948a0c)
Powered by SkillShield