Trust Assessment
android-development received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Path Traversal in Feature Generation Script.
The analysis covered 4 layers: dependency_graph, manifest_analysis, static_code_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit edfca5e3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Path Traversal in Feature Generation Script.** The `scripts/generate_feature.py` script constructs file paths using user-provided input (`feature_name`) without proper sanitization. An attacker can use path traversal sequences (e.g., `../`) in the `feature_name` argument to create directories and files outside the intended project structure. This could lead to arbitrary file creation in sensitive system directories, potentially causing denial of service, privilege escalation, or other system compromises depending on the script's execution context and permissions. Sanitize the `feature_name` input to prevent path traversal. Ensure that `feature_name` does not contain characters like `.` or `/` that could alter the intended directory path. A common approach is to validate the input against a regular expression that only allows alphanumeric characters and hyphens, or to use `os.path.basename` if only the last component of a path is expected. | Unknown | scripts/generate_feature.py:40 |