Trust Assessment
gallery-scraper received a trust score of 40/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection in Bash Snippets, Explicit Instruction to Access Sensitive Cookies, Command Injection in Output Directory Creation.
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. The static_code_analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection in Output Directory Creation The `scripts/download_gallery.sh` script is vulnerable to command injection. The `$OUTPUT_DIR` variable, which is derived from a user-provided argument, is used directly within `mkdir -p "$OUTPUT_DIR"` and `cd "$OUTPUT_DIR"`. If an attacker provides a malicious string for `OUTPUT_DIR` (e.g., `'; rm -rf /; echo '`), arbitrary commands could be executed on the host system. Sanitize user-provided input for directory names. A robust solution involves validating the input against a whitelist of allowed characters or using a programming language's safe path manipulation functions. For shell scripts, consider using `printf %q` to properly quote arguments for `mkdir` and `cd`, or strictly validate the input to ensure it only contains safe characters (e.g., alphanumeric, hyphens, underscores, slashes). | Unknown | scripts/download_gallery.sh:14 | |
| HIGH | Potential Command Injection in Bash Snippets The `SKILL.md` document provides example bash commands that are vulnerable to command injection if variables like `gallery_name`, `SITE_DOMAIN`, `filename`, `url`, or `gallery_id` are populated directly from untrusted user input without proper sanitization. For instance, `mkdir -p ~/Downloads/gallery_name` could execute arbitrary commands if `gallery_name` contains shell metacharacters. Similarly, `curl` commands with unsanitized `$filename` or `$url` could lead to unexpected behavior or command execution depending on the shell and `curl` version. While these are examples, an agent implementing this skill might directly use these patterns. When generating or executing shell commands based on user input, ensure all variables are properly sanitized or quoted. For directory names, use functions that handle path construction safely. For `curl` arguments, ensure URLs and filenames are properly escaped or passed as distinct arguments to prevent shell interpretation. | Unknown | SKILL.md:108 | |
| HIGH | Explicit Instruction to Access Sensitive Cookies The troubleshooting section explicitly instructs the agent to 'Extract session cookies via `document.cookie`'. While framed as a troubleshooting step, this is a direct instruction to access highly sensitive user data. If the agent then logs, stores, or transmits this information, it constitutes a data exfiltration risk, potentially exposing user session tokens or other credentials. Avoid instructing the agent to directly access `document.cookie` unless absolutely necessary and with explicit user consent and clear warnings about the security implications. If access is unavoidable, ensure strict policies are in place for handling, storing, and transmitting such sensitive data, preferably by masking or redacting it immediately after use. | Unknown | SKILL.md:137 |
Scan History
Embed Code
[](https://skillshield.io/report/366909883e2c19e1)
Powered by SkillShield