Trust Assessment
here-be-git received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via .gitignore generation, Agent self-modification of instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via .gitignore generation The skill instructs the agent to 'Generate an appropriate .gitignore based on their input' and 'Include any specific files or patterns the user mentions'. If the agent constructs the `.gitignore` file content or the command to write it to disk directly from unsanitized user input, a malicious user could inject shell commands or other harmful content. For example, if the agent uses a shell command like `echo "user_input" > .gitignore`, and `user_input` contains shell metacharacters (e.g., `*; rm -rf /`), this could lead to arbitrary command execution on the host system. Ensure all user-provided input for `.gitignore` patterns is strictly sanitized and validated against a whitelist of allowed characters and patterns before being used to generate file content or construct shell commands. Avoid direct shell execution with unsanitized user input. Prefer using file system APIs or libraries that safely write content to files. | LLM | SKILL.md:39 | |
| INFO | Agent self-modification of instructions The skill instructs the agent to modify `AGENTS.md` and `CLAUDE.md` to include specific instructions for its future behavior. While the content added is hardcoded and appears benign in this instance, this mechanism allows the agent to modify its own instruction set. This pattern, if combined with user-controlled input for the content, could lead to critical prompt injection vulnerabilities where a malicious user could alter the agent's core directives. It's a powerful capability that requires careful control. Ensure that any content written to agent instruction files (`AGENTS.md`, `CLAUDE.md`) is strictly controlled and never directly derived from untrusted user input. If user input influences these files, it must be thoroughly sanitized and validated against a strict whitelist of allowed content and structure. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/9e40275df8bdd21e)
Powered by SkillShield