Trust Assessment
context-recovery received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User-Controlled Keyword.
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via User-Controlled Keyword The skill uses a user-controlled keyword directly within a `grep` shell command without apparent sanitization or proper quoting. The `<keyword>` is extracted from 'channel history', which can contain arbitrary user input. An attacker could craft a message containing shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`) within the keyword, leading to arbitrary command execution on the host system where the agent is running. This could allow for data exfiltration, system modification, or denial of service. Sanitize or escape user-provided keywords before incorporating them into shell commands. A safer approach would be to use a programming language's built-in file search functions or a tool that properly handles arguments, rather than directly interpolating user input into a shell string. If shell execution is unavoidable, ensure all user-controlled variables are passed as arguments to the command, not embedded directly into the command string, and are properly quoted (e.g., `grep -ri "$KEYWORD" ...`). | Unknown | SKILL.md:78 |
Scan History
Embed Code
[](https://skillshield.io/report/4e5ad339f6dcdc95)
Powered by SkillShield