Security Audit
jnMetaCode/superpowers-zh:skills/workflow-runner
github.com/jnMetaCode/superpowers-zh
Trust Assessment
jnMetaCode/superpowers-zh:skills/workflow-runner received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are a potential command injection via Bash execution (high) and an unpinned dependency in the installation instructions (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 25, 2026 (commit 03baa780). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Bash execution.** The skill explicitly instructs the host LLM to run a Bash command (`test -d`) to check whether a directory exists, so it expects and relies on shell execution. `test -d` is benign by itself, but assembling a shell command line from variables such as `agents_dir` means that if an attacker can control those variables, they can append further commands and achieve arbitrary command execution on the host. Avoid instructing the LLM to execute raw shell commands. Where a directory check is necessary, use a sandboxed filesystem API provided by the LLM's environment or a dedicated tool that does not expose the shell, and strictly validate and sanitize every input used in file paths or commands. | LLM | SKILL.md:29 |
| MEDIUM | **Unpinned dependency in installation instructions.** The skill suggests installing the `agency-agents-zh` package via `npm install agency-agents-zh` without specifying a version, so users receive whatever version is current at install time; a malicious version published to the npm registry would be installed by them. Likewise, `git clone` without a specific commit hash means the cloned content can change over time and may introduce malicious code. Pin dependencies to an exact version (e.g. `npm install agency-agents-zh@1.2.3`) or, for git repositories, to a specific commit hash; this makes installs reproducible and reduces exposure to malicious updates. Advise users to review the source code of external dependencies before installing them. | LLM | SKILL.md:41 |
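The HIGH finding describes the failure mode in prose; the following added example (written for this page, not code from the audited skill or from SkillShield) shows it concretely in Python. A directory check assembled as a shell string lets a constructed value for `agents_dir` run an extra command and forge the verdict, while the same check done through `os.path.isdir` behind path validation, or through an argv list that no shell parses, does not. The payload, the hypothetical `base_dir` allowlist and the function names are assumptions made for the demo.

```python
"""Added example (not part of the SkillShield report or the audited skill):
why a directory check built as a shell string is injectable, and two ways
to do the same check without handing a shell a string to parse.
The attacker value and the base-directory allowlist are constructed here."""
import os
import subprocess
import tempfile


def unsafe_dir_check(agents_dir: str) -> str:
    """Mimics an LLM running `test -d <agents_dir>` by pasting the value
    straight into a shell command line. Returns the shell's stdout so the
    demo can show that an injected command actually ran."""
    cmd = f"test -d {agents_dir} && echo EXISTS || echo MISSING"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def safe_dir_check(agents_dir: str, base_dir: str) -> bool:
    """Checks the directory without any shell: rejects shell metacharacters,
    confines the resolved path to base_dir (a hypothetical allowlist root),
    then asks the OS directly. Raises ValueError on anything suspicious."""
    if "\x00" in agents_dir or any(ch in agents_dir for ch in ";|&$`\n"):
        raise ValueError("shell metacharacters or NUL in path")
    base = os.path.realpath(base_dir)
    resolved = os.path.realpath(os.path.join(base, agents_dir))
    if os.path.commonpath([base, resolved]) != base:
        raise ValueError("path escapes the allowed base directory")
    return os.path.isdir(resolved)


def argv_dir_check(agents_dir: str) -> bool:
    """If a tool really must run `test -d`, pass argv as a list: no shell
    parses it, so metacharacters in the value are just part of the name."""
    return subprocess.run(["test", "-d", agents_dir]).returncode == 0


def run_demo() -> dict:
    """Runs all three variants against a constructed attacker value and a
    real directory; returns the observations so they can be asserted on."""
    payload = "/nonexistent; echo INJECTED"  # constructed attacker-controlled agents_dir
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "agents"))
        # Unsafe: the ';' ends `test -d`, `echo INJECTED` runs, and because
        # echo succeeds the check reports EXISTS for a missing directory.
        results["unsafe_output"] = unsafe_dir_check(payload)
        # argv form: the whole payload is one (nonexistent) directory name.
        results["argv_exists"] = argv_dir_check(payload)
        results["safe_real"] = safe_dir_check("agents", base)
        for key, value in (("safe_rejected_payload", payload),
                           ("safe_rejected_traversal", "../../etc")):
            try:
                safe_dir_check(value, base)
                results[key] = False
            except ValueError:
                results[key] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The unsafe variant prints `INJECTED` followed by `EXISTS` even though `/nonexistent` is not a directory: the injected command both executes and decides the verdict. Note that quoting the variable inside the string would not help here, because the attacker controls the text that the LLM pastes before any quoting happens; the fix is to stop constructing shell strings from untrusted values at all.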
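For the MEDIUM finding, here is an added example (not SkillShield's scanner and not part of the audited skill) of how the unpinned-install pattern can be checked mechanically: a small Python linter that scans installation instructions for `npm install <pkg>` without an exact version and for `git clone` that is not followed, in the same paragraph, by a checkout of a full commit hash. The SKILL.md excerpt it runs over is constructed for the demo (the GitHub URL and the commit hash are placeholders), and the regexes are a deliberately narrow heuristic rather than a full parser of npm or git command lines.

```python
"""Added example (not the SkillShield scanner): flag unpinned npm installs
and git clones in installation instructions and suggest the pinned form.
The SKILL.md text at the bottom is constructed for the demo."""
import re

# Only an exact semver counts as pinned; ^1.2.3, ~1.2.3, "latest" or ranges float.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
NPM_INSTALL = re.compile(r"\bnpm\s+(?:install|i|add)\b(.*)$")
GIT_CLONE = re.compile(r"\bgit\s+clone\b(.*)$")
GIT_CHECKOUT = re.compile(r"\bgit\s+(?:-C\s+\S+\s+)?checkout\s+(\S+)")


def split_npm_spec(token: str) -> tuple:
    """Return (name, version) for an npm spec; scoped names keep their leading '@'."""
    name_end = token.find("@", 1) if token.startswith("@") else token.find("@")
    if name_end == -1:
        return token, None
    return token[:name_end], token[name_end + 1:]


def lint_install_instructions(text: str) -> list:
    """Scan instruction text line by line; return a list of finding dicts."""
    lines = text.splitlines()
    findings = []
    for idx, line in enumerate(lines, start=1):
        m = NPM_INSTALL.search(line)
        if m:
            for tok in m.group(1).split():
                if tok.startswith("-"):
                    continue  # flags such as -g or --save-dev
                name, version = split_npm_spec(tok)
                if version is None or not EXACT_VERSION.match(version):
                    findings.append({
                        "line": idx, "kind": "npm-unpinned", "subject": name,
                        "fix": f"npm install {name}@<exact version>",
                    })
        m = GIT_CLONE.search(line)
        if m:
            url = next((t for t in m.group(1).split() if not t.startswith("-")), "<url>")
            # Look ahead within the same paragraph for a checkout of a full commit hash.
            pinned = False
            for follow in lines[idx:]:
                if not follow.strip():
                    break
                c = GIT_CHECKOUT.search(follow)
                if c and FULL_SHA.match(c.group(1)):
                    pinned = True
                    break
            if not pinned:
                findings.append({
                    "line": idx, "kind": "git-unpinned", "subject": url,
                    "fix": f"git clone {url} && git -C <dir> checkout <full commit sha>",
                })
    return findings


# Constructed SKILL.md excerpt: the first block reproduces the unpinned pattern
# from the finding, the second shows the pinned form. URL and hash are placeholders.
SAMPLE_SKILL_MD = """\
## Installation

npm install agency-agents-zh
git clone https://github.com/example/agency-agents-zh.git

## Pinned alternative

npm install agency-agents-zh@1.2.3
git clone https://github.com/example/agency-agents-zh.git
git -C agency-agents-zh checkout 0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for f in lint_install_instructions(SAMPLE_SKILL_MD):
        print(f"line {f['line']}: {f['kind']} ({f['subject']}) -> {f['fix']}")
```

Run against the sample, the linter reports only lines 3 and 4; the pinned block passes because the version is an exact semver and the clone is followed by a checkout of a 40-character hash. A short hash prefix or a tag name deliberately does not count, since both can be moved or reassigned after the instructions are written.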
Full report: https://skillshield.io/report/115b4909ba7fc67b
Powered by SkillShield