Trust Assessment
provider-actions received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized Placeholders in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 339a1139). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized Placeholders in Shell Commands The documentation provides several shell commands for building and testing the skill, such as `go build -o /dev/null ./internal/service/<service>`, `go test ./internal/service/<service> -run TestAccServiceAction_ -v`, and `go test ./internal/service/<service> -sweep=<region> -v`. If an AI agent or automated system is instructed to execute these commands and substitutes placeholders like `<service>`, `<action>`, or `<region>` with untrusted, user-controlled input, it could lead to command injection. Malicious input containing shell metacharacters (e.g., `my_service; rm -rf /`) could execute arbitrary commands on the host system. When generating or executing shell commands with dynamic parameters, ensure all untrusted input is rigorously sanitized, escaped, or passed as separate arguments to an `exec.Command` style function. Avoid direct string interpolation into shell commands. For example, use `strconv.Quote` for string arguments or pass arguments as a slice to prevent shell interpretation. | LLM | SKILL.md:300 |
Scan History
Embed Code
[](https://skillshield.io/report/b27c7478276494cd)
Powered by SkillShield