Security Audit
Jamkris/everything-gemini-code:skills/content-hash-cache-pattern
github.com/Jamkris/everything-gemini-code
Trust Assessment
Jamkris/everything-gemini-code:skills/content-hash-cache-pattern received a trust score of 56/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unrestricted File System Access via Untrusted Inputs.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 30, 2026 (commit 6c6f43aa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unrestricted File System Access via Untrusted Inputs: The provided code snippets demonstrate file system operations that read from arbitrary file paths (`path` in `compute_file_hash`, `file_path` in `extract_with_cache`) and write to a configurable cache directory (`cache_dir` in `write_cache` and `extract_with_cache`). Specifically, `compute_file_hash` and the implicit `extract_text` function (called by `extract_with_cache`) read content from `file_path`. The `write_cache` function writes processed data to `cache_dir`. If an AI agent implements this pattern and allows untrusted input to control these parameters, it could lead to severe security vulnerabilities. An attacker could coerce the agent into reading sensitive files from the system (data exfiltration) or writing processed data to arbitrary locations, potentially overwriting critical system files, leading to denial of service, or even privilege escalation. When implementing this pattern, ensure that all file paths (`file_path`) and cache directories (`cache_dir`) provided to the functions are strictly validated and sanitized. Restrict file access to designated, isolated directories (e.g., a sandbox or temporary directory) and prevent any path traversal attempts. Avoid allowing untrusted user input to directly specify these paths. | LLM | SKILL.md:18 |