Trust Assessment
lorem-ipsum received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Arbitrary File Write via User-Controlled Output Path" and "Potential Command Injection via Unsanitized Output Filename".
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Arbitrary File Write via User-Controlled Output Path | The skill allows users to specify an arbitrary file path using the `--output FILE` option for saving generated content. This capability, explicitly demonstrated by examples like `~/Desktop/placeholder.txt`, enables the agent to write to any location on the filesystem. An attacker could exploit this to overwrite critical system files (e.g., `/etc/passwd`, `/etc/sudoers`), or write sensitive data to attacker-controlled locations (e.g., web server directories, shared network drives) for data exfiltration. This constitutes a significant security risk due to excessive filesystem write permissions. | Restrict the `--output` path to a designated, sandboxed directory (e.g., a temporary directory or a specific output folder within the skill's allowed scope). Implement strict path validation and sanitization to prevent directory traversal attacks (`../`) and ensure the path is within the allowed scope. Avoid writing to arbitrary user-specified paths. | Unknown | SKILL.md:70 |
| HIGH | Potential Command Injection via Unsanitized Output Filename | The skill instructs the LLM to construct and execute shell commands using `uv run scripts/generate.py` where the `--output FILE` argument is derived from user input. If the `FILE` argument is not properly sanitized by the agent's execution environment before being passed to the underlying shell, a malicious user could inject shell commands (e.g., `uv run scripts/generate.py --output "malicious.txt; rm -rf /"`). This could lead to arbitrary code execution on the host system. The risk depends on how the agent's runtime environment handles the constructed command string (e.g., if `shell=True` is used in `subprocess.run`). | Implement robust input validation and sanitization for all user-provided arguments, especially file paths. Ensure that no shell metacharacters are allowed in the `--output` argument. When executing commands, prefer using argument lists (e.g., `subprocess.run(['uv', 'run', 'scripts/generate.py', '--output', filename])`) instead of a single shell string to prevent shell injection. If a shell is unavoidable, ensure the filename is properly quoted and escaped. | Unknown | SKILL.md:70 |