Trust Assessment
kotlin-specialist received a trust score of 42/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 3 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: Shell RC file modification, Potential Command Injection via External Tool Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit e8be415b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kotlin-specialist/SKILL.md:75 | |
| HIGH | Potential Command Injection via External Tool Execution The skill's workflow explicitly states it will 'Run `detekt` and `ktlint`'. This indicates the skill has the capability to execute external commands. If the arguments passed to these tools can be influenced by user input, or if the skill can be prompted to execute arbitrary commands, it could lead to command injection, allowing an attacker to run malicious code on the host system. Implement strict sandboxing for command execution. Ensure that any arguments passed to external tools are hardcoded or strictly validated and sanitized, preventing user input from influencing the command string. Restrict the set of executable commands to an allow-list. | LLM | SKILL.md:20 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/kotlin-specialist/SKILL.md:75 | |
| MEDIUM | Potential Data Exfiltration / Credential Harvesting via Environment Variables The skill demonstrates the ability to access environment variables using `System.getenv()`. If the skill can be prompted to read arbitrary environment variables or if sensitive information (like API keys, database credentials, or other secrets) is stored in environment variables, an attacker could potentially exfiltrate this data by crafting a prompt that causes the skill to read and output the variable's value. Restrict the skill's access to environment variables to an explicit allow-list of non-sensitive variables. Ensure that the LLM's output is filtered to prevent it from revealing sensitive information, even if it manages to read it. Avoid storing sensitive credentials directly in environment variables accessible by the skill. | LLM | SKILL.md:76 | |
| MEDIUM | Potential Data Exfiltration via Local File Access The 'Reference Guide' section indicates that the skill can 'Load detailed guidance based on context' from local markdown files (e.g., `references/coroutines-flow.md`). This implies the skill has filesystem read access. If a malicious user can manipulate the path or filename to be loaded, they could potentially read arbitrary files from the host system, leading to data exfiltration. Implement strict sandboxing for file access, limiting it to a specific, non-sensitive directory. Ensure that any file paths used are hardcoded or strictly validated and sanitized, preventing user input from influencing the path. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/2ee3ce1c485d3f1d)
Powered by SkillShield