Trust Assessment
context-recovery received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via Untrusted Channel History in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Untrusted Channel History in Shell Commands The skill defines bash commands in Step 4 and Step 6 that interpolate untrusted variables (such as `<keyword>` extracted from external chat channels like Discord/Slack, or `<project/task summary>` in Step 6) directly into shell executions. In Step 4, `grep -ri "<keyword>"` and `xargs grep -l "<keyword>"` are executed. If an attacker injects shell metacharacters (e.g., `; command`, `$(command)`) into the chat channel, the agent will execute arbitrary commands on the host system when attempting context recovery. In Step 6, the unquoted heredoc `cat >> "$MEMORY_FILE" << EOF` allows shell expansion of any command substitutions present in the recovered context, leading to further command execution risks. Avoid executing shell commands with untrusted inputs. Instead of using `grep` and `cat` via bash execution, use built-in agent tools or secure APIs for file reading, searching, and writing. If shell execution is absolutely necessary, strictly sanitize all inputs to remove shell metacharacters, use safe APIs that do not invoke a shell (e.g., passing arguments as an array to subprocesses without `shell=True`), and quote heredoc delimiters (e.g., `<< 'EOF'`) to prevent parameter expansion. | LLM | SKILL.md:101 |
Scan History
Embed Code
[](https://skillshield.io/report/4e5ad339f6dcdc95)
Powered by SkillShield