Trust Assessment
decide received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Skill describes shell command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit 3186bc90). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Skill describes shell command execution The skill's process description explicitly includes a `bash` command for finding the next Agent Decision Record (AgDR) ID. While the specific command `ls docs/agdr/AgDR-*.md` uses a wildcard and the `slug` (derived from user input) is described as sanitized ('Lowercase, hyphens, max 50 chars'), the presence of shell execution in the skill's intended functionality introduces a risk of command injection. If the LLM's implementation deviates from strict sanitization, or if future modifications introduce unsanitized user-controlled input into command arguments, it could lead to arbitrary command execution. Ensure all user-provided inputs used in shell commands are rigorously sanitized and escaped. Consider using safer, language-native file system operations (e.g., Python's `os.listdir` and string parsing) instead of shell commands where possible to reduce the attack surface and prevent potential command injection vulnerabilities. | LLM | SKILL.md:55 |
Scan History
Embed Code
[](https://skillshield.io/report/1daff16083a7aeed)
Powered by SkillShield