Security Audit

command-creator

github.com/jdrhyne/agent-skills

AI SkillCommit 0676c56a8ab1

TRUSTED

Scanned 9 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

command-creator received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Direct Shell Command Execution (git rev-parse), Direct Shell Command Execution with User-Derived Input (mkdir).

The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Direct Shell Command Execution with User-Derived Input (mkdir) The skill explicitly instructs the agent to execute a shell command (`mkdir -p`) to create directories. The `[directory-path]` argument for this command is derived from user input (the command name). Although the skill provides guidelines for command names (kebab-case), if the agent does not strictly sanitize or validate this input before constructing the shell command, it could lead to command injection (e.g., `mkdir -p /tmp/foo; rm -rf /`) or path traversal vulnerabilities. Use programmatic file system APIs (e.g., `os.makedirs` in Python) to create directories, which inherently handle path construction more safely. If shell execution is absolutely necessary, implement strict input validation and sanitization for `[command-name]` to ensure it only contains allowed characters and cannot be used to inject arbitrary commands or traverse directories.	Unknown	SKILL.md:145
MEDIUM	Direct Shell Command Execution (git rev-parse) The skill explicitly instructs the agent to execute a shell command (`git rev-parse`) to determine the repository status. While this specific command is generally benign, direct shell execution introduces a potential command injection vulnerability if the execution environment or arguments could be manipulated by untrusted input. It also grants the agent broader shell execution capabilities than might be strictly necessary. Prefer using programmatic APIs (e.g., a Git library in Python) to check repository status instead of direct shell execution. If shell execution is unavoidable, ensure the command is executed within a strictly sandboxed environment and that all arguments are rigorously sanitized.	Unknown	SKILL.md:71

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/1a6d51605e48b6ed.svg)](https://skillshield.io/report/1a6d51605e48b6ed)