Trust Assessment
refactor-module received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Input Parameters and Shell Command Examples, Unpinned External Skill Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 339a1139). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned External Skill Dependencies The skill references other 'Related Skills' using `raw.githubusercontent.com` URLs that point to the `main` branch (`refs/heads/main`). This constitutes an unpinned dependency. If the `main` branch of the `agent-skills` repository were compromised, an attacker could alter the content of these referenced skills. An AI agent designed to fetch and process these external skills would then be at risk of executing malicious instructions or code from the compromised source. Pin external skill dependencies to specific, immutable versions (e.g., commit SHAs or release tags) instead of mutable branch references like `refs/heads/main`. Additionally, implement content integrity checks (e.g., cryptographic hashes) for all fetched external resources to verify their authenticity and prevent tampering. | Static | SKILL.md:306 | |
| MEDIUM | Potential Command Injection via Input Parameters and Shell Command Examples The skill defines input parameters such as `source_directory` (a path to a Terraform configuration) and describes execution steps that involve explicit shell commands (e.g., `terraform state mv`). If an AI agent implementing this skill constructs and executes shell commands using these input parameters or derived values without proper sanitization, it could be vulnerable to command injection. An attacker could provide a malicious `source_directory` or manipulate other inputs to execute arbitrary commands on the host system. Any AI agent implementing this skill must rigorously sanitize all user-provided input, especially path-related parameters like `source_directory`, before incorporating them into shell commands. Prefer using parameterized command execution methods where possible, or ensure robust escaping of special characters to prevent command injection. | Static | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/0bde11ad3e6f48af)
Powered by SkillShield