Trust Assessment
lorem-ipsum received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Arbitrary File Write via User-Controlled Output Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Arbitrary File Write via User-Controlled Output Path The skill explicitly allows users to specify an arbitrary file path for output using the `--output FILE` argument. While the content written is generated lorem ipsum, an attacker could specify critical system files (e.g., `/etc/passwd`, `~/.bashrc`, `/dev/null` to fill up a disk) or other important files, leading to denial of service or data corruption by overwriting them with placeholder text. This capability grants excessive write permissions to user-controlled paths. 1. Restrict output paths to a designated, sandboxed directory (e.g., a temporary directory or a user-specific output folder). 2. Implement strict validation and sanitization of the `--output` argument within `scripts/generate.py` to prevent directory traversal (`../`) and ensure the path is within allowed boundaries. 3. Consider adding a confirmation step before overwriting existing files, especially outside the designated output directory. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/c742a064ecab9154)
Powered by SkillShield