Trust Assessment
chaos-engineer received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Kubernetes Operations, Supply Chain Risk via Package Installation Example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit e8be415b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Kubernetes Operations The skill provides examples of `kubectl` commands that directly modify Kubernetes resources, including applying chaos experiments (`kubectl apply`) and patching existing resources (`kubectl patch`) in a 'production' namespace. If an LLM with shell execution capabilities is prompted to 'implement' or 'run' these examples, it could execute these commands, leading to unintended modifications, disruptions, or even destructive actions within a production environment. Chaos engineering inherently involves disruptive actions, and direct execution of these commands by an LLM without proper human oversight or sandboxing poses a significant risk. If the LLM has shell execution capabilities, ensure that any commands targeting production environments or performing destructive actions are subject to strict human review, approval workflows, or are executed within a highly sandboxed and isolated environment. Implement guardrails to prevent direct execution of such commands without explicit confirmation. Consider using a tool-use framework that requires explicit user consent for high-impact actions. | LLM | SKILL.md:99 | |
| MEDIUM | Supply Chain Risk via Package Installation Example The skill includes an example command `brew install toxiproxy` for installing external software. If an LLM with shell execution capabilities is prompted to 'set up toxiproxy' or similar, it could execute this command. While `toxiproxy` is a legitimate tool, the pattern of installing arbitrary software from untrusted content via package managers (like `brew`, `apt`, `pip`, etc.) introduces a supply chain risk. A malicious or typosquatted package name could lead to the installation of harmful software, compromising the execution environment. If the LLM has shell execution capabilities, implement strict controls over package installation commands. This could include whitelisting allowed packages, requiring human approval for new installations, or executing installation commands only within isolated, ephemeral environments. Educate users on the risks of installing software from untrusted sources. | LLM | SKILL.md:128 |
Scan History
Embed Code
[](https://skillshield.io/report/151eac228e85de0a)
Powered by SkillShield