Trust Assessment
writing-skills received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Command Injection via Graphviz 'dot' utility.
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The manifest_analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 3e75fabd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-8c9pdcvy/repo/skills/writing-skills/render-graphs.js:18 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-8c9pdcvy/repo/skills/writing-skills/render-graphs.js:72 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-8c9pdcvy/repo/skills/writing-skills/render-graphs.js:112 | |
| HIGH | Command Injection via Graphviz 'dot' utility The `render-graphs.js` script uses `child_process.execSync` to execute the external `dot` utility. The input to `dot` (`dotContent`) is extracted directly from the `SKILL.md` file, which is treated as untrusted content. If a malicious `SKILL.md` contains specially crafted Graphviz definitions, it could exploit vulnerabilities or features within the `dot` utility to execute arbitrary shell commands on the host system. While piping input to stdin is generally safer than command-line arguments, complex parsers like `dot` have historically been susceptible to command injection or data exfiltration through features such as `URL` attributes (e.g., `file:///` scheme) or `include` directives, which could be embedded in the generated SVG or trigger external actions. 1. **Input Sanitization/Validation:** Implement strict sanitization or validation of the `dotContent` before passing it to `dot`, ensuring it only contains safe Graphviz syntax and no potentially malicious attributes or directives. This is challenging due to the complexity of the `dot` language. 2. **Sandboxing:** Execute the `dot` command within a sandboxed environment (e.g., a Docker container or a chroot jail) with minimal permissions and no network access, to limit the impact of any successful injection. 3. **Alternative Rendering:** Consider using a pure-JavaScript or a known-secure library for Graphviz rendering that does not rely on external command execution. 4. **Least Privilege:** Ensure the `render-graphs.js` script itself runs with the absolute minimum necessary permissions. | Unknown | render-graphs.js:59 |
Scan History
Embed Code
[](https://skillshield.io/report/d4308dfbbca9a1c5)
Powered by SkillShield