Trust Assessment
todo-tracker received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Sed Command and Regex Injection in todo.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sed Command and Regex Injection in todo.sh The `todo.sh` script directly interpolates the user-controlled `$pattern` variable into `sed` commands in both `mark_done` and `remove_item` functions. This allows an attacker to perform Sed Injection by crafting a pattern containing delimiters (e.g., `/`) and sed commands. This can lead to arbitrary file corruption, writing to arbitrary files, or potentially arbitrary command execution if GNU sed is present (via the `e` command). Avoid using `sed` with direct string interpolation of user-supplied patterns. Instead, use `awk` with variables passed via `-v` (e.g., `awk -v pat="$pattern" '$0 !~ pat'`), or thoroughly sanitize the input pattern to escape all special regex and sed characters before passing it to `sed`. | LLM | scripts/todo.sh:85 |
Scan History
Embed Code
[](https://skillshield.io/report/88936f983b15c251)
Powered by SkillShield