Trust Assessment
lorem-ipsum received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Write via User-Controlled Output Path, Potential Command Injection via Unsanitized Output Filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Write via User-Controlled Output Path.** The skill allows users to specify an arbitrary file path using the `--output FILE` option for saving generated content. This capability, explicitly demonstrated by examples like `~/Desktop/placeholder.txt`, enables the agent to write to any location on the filesystem. An attacker could exploit this to overwrite critical system files (e.g., `/etc/passwd`, `/etc/sudoers`), or write sensitive data to attacker-controlled locations (e.g., web server directories, shared network drives) for data exfiltration. This constitutes a significant security risk due to excessive filesystem write permissions. Recommendation: restrict the `--output` path to a designated, sandboxed directory (e.g., a temporary directory or a specific output folder within the skill's allowed scope). Implement strict path validation and sanitization to prevent directory traversal (`../`) and ensure the resolved path stays within the allowed scope. Avoid writing to arbitrary user-specified paths. | LLM | SKILL.md:70 |
| HIGH | **Potential Command Injection via Unsanitized Output Filename.** The skill instructs the LLM to construct and execute shell commands using `uv run scripts/generate.py`, where the `--output FILE` argument is derived from user input. If the `FILE` argument is not properly sanitized by the agent's execution environment before being passed to the underlying shell, a malicious user could inject shell commands (e.g., `uv run scripts/generate.py --output "malicious.txt; rm -rf /"`). This could lead to arbitrary code execution on the host system. The risk depends on how the agent's runtime environment handles the constructed command string (e.g., whether `shell=True` is used in `subprocess.run`). Recommendation: implement robust input validation and sanitization for all user-provided arguments, especially file paths, and ensure that no shell metacharacters are allowed in the `--output` argument. When executing commands, prefer argument lists (e.g., `subprocess.run(['uv', 'run', 'scripts/generate.py', '--output', filename])`) over a single shell string to prevent shell injection. If a shell is unavoidable, ensure the filename is properly quoted and escaped. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/c742a064ecab9154 (powered by SkillShield)