Trust Assessment
munger-observer received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Potential Path Traversal in Memory File Access, Vague Log Scanning Poses Data Exfiltration/Command Injection Risk.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential Path Traversal in Memory File Access The skill describes reading a 'memory file' using a date-based filename (`memory/YYYY-MM-DD.md`). If the `YYYY-MM-DD` component is derived from untrusted input (e.g., a user-provided date for review) and not strictly validated or sanitized, an attacker could potentially inject path traversal sequences (e.g., `../../etc/passwd`) to read arbitrary files outside the intended `memory/` directory. While the `memory/` prefix provides some containment, it's not a full safeguard against a vulnerable date parsing/construction mechanism. Ensure that any component of a file path derived from untrusted input (like the date in `YYYY-MM-DD.md`) is strictly validated to match the expected format and does not contain any path separators (e.g., `/`, `\`) or special characters. Implement robust path sanitization and restrict file access to the intended `memory/` directory using sandboxing or strict access controls. | Unknown | SKILL.md:10 | |
| MEDIUM | Vague Log Scanning Poses Data Exfiltration/Command Injection Risk The step 'Scan session logs for today's activity' is underspecified. If the path to these 'session logs' is configurable or derived from untrusted input, it could lead to data exfiltration by reading unintended files. Furthermore, if the 'scan' operation involves executing an external command or script, and its arguments are constructed using untrusted input, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Clearly define the source and exact path of 'session logs'. If the log path is dynamic, ensure it is strictly validated and sanitized. If any external tools are used for scanning, ensure that their arguments are constructed using safe APIs and that all dynamic inputs are properly escaped or validated to prevent command injection. Prefer using internal, safe parsing mechanisms over external command execution for log analysis. | Unknown | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/fe5bc5333bf8bd09)
Powered by SkillShield