Security Audit

Jamkris/everything-gemini-code:skills/dmux-workflows

github.com/Jamkris/everything-gemini-code

AI SkillCommit 6c6f43aaa3d6

CRITICAL

Scanned 8 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

Jamkris/everything-gemini-code:skills/dmux-workflows received a trust score of 39/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 0 medium, and 1 low severity. Key findings include Arbitrary command execution via `launcherCommand` in `plan.json`, Unpinned external dependency `dmux`.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.

Last analyzed on March 30, 2026 (commit 6c6f43aa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

68%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution via `launcherCommand` in `plan.json` The skill describes an orchestration mechanism where a `plan.json` file, which can be user-defined or influenced by untrusted input, contains a `launcherCommand` field. This field is explicitly described as being 'launched' (executed) within a tmux pane by the `orchestrate-worktrees.js` helper script. A malicious string provided in the `launcherCommand` (e.g., `rm -rf /`) would lead to arbitrary command execution on the host system with the privileges of the user running the orchestration script. Implement strict validation and sanitization for the `launcherCommand` field in `plan.json` if it is user-controlled or influenced by untrusted input. Consider using a whitelist of allowed commands and arguments, or executing commands within a highly sandboxed environment (e.g., Docker containers with minimal privileges). If the `plan.json` is intended to be fully trusted, ensure that the process generating or modifying it is secure and not susceptible to user manipulation.	LLM	SKILL.md:102
LOW	Unpinned external dependency `dmux` The skill recommends installing `dmux` from `github.com/standardagents/dmux` without specifying a version, commit hash, or checksum. This makes the installation vulnerable to supply chain attacks if the upstream repository is compromised, allowing malicious code to be introduced into the user's environment when `dmux` is installed. Pin the `dmux` dependency to a specific version, commit hash, or use a checksum to ensure integrity. For example, provide instructions to `git clone --depth 1 --branch v1.2.3 https://github.com/standardagents/dmux.git` or similar version-locked installation methods.	LLM	SKILL.md:30

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/603e7c6f29e675a4.svg)](https://skillshield.io/report/603e7c6f29e675a4)