Security Audit
mrdulasolutions/exchekskills:exchek-partner-compliance
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-partner-compliance received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Untrusted skill attempts to execute shell commands via host LLM.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted skill attempts to execute shell commands via host LLM. `SKILL.md`, which is explicitly designated as untrusted content, instructs the host LLM directly to run shell commands: `node exchek-docx/scripts/report-to-docx.mjs` and `npm install --prefix exchek-docx/scripts`. This is a prompt-injection pattern: untrusted skill content steering the host LLM into performing actions on the underlying system. If the host follows these instructions, the skill can execute arbitrary code (the `npm install` step additionally runs any lifecycle scripts of the packages it pulls in). The host LLM environment must not execute shell commands found in untrusted skill definitions. Skills should declare their tool dependencies and execution requirements through a secure, sandboxed mechanism (for example a manifest of allow-listed tools and arguments), not via shell command instructions in markdown or other untrusted content. | LLM | SKILL.md:50 |
| HIGH | Path traversal in file read/write operations. `SKILL.md` instructs the LLM to ask the user for a report folder name and build a temporary file path from it; that user-controlled path is then passed as an argument to `report-to-docx.mjs`. The script, part of the untrusted skill package, resolves it with `path.resolve` and calls `fs.readFileSync` and `fs.writeFileSync` on the result. A traversal sequence supplied as the folder name (e.g. `../../../../etc`) lets the skill read or write files outside the intended directory, which can mean exfiltration of sensitive system files or arbitrary file creation and modification. Note that `path.resolve` collapses `..` segments but does nothing to confine the result, and an absolute input replaces the base directory entirely. Validate the user-supplied folder name and the generated paths both in the LLM-side logic and in `report-to-docx.mjs`. Confine paths to a designated sandbox directory: resolve the input against a fixed base directory and reject the result unless it equals the base or begins with the base followed by a path separator (a bare prefix check without the separator accepts a sibling directory whose name shares the prefix), or use a library built specifically to prevent traversal. The `mdPath` argument should likewise be rejected if it contains traversal segments (`..`). | LLM | scripts/report-to-docx.mjs:150 |
| MEDIUM | Unpinned npm dependency version. Dependency `docx` is not pinned to an exact version (`^9.6.1`, which accepts any 9.x.y at or above 9.6.1). Pin direct dependencies to exact versions to reduce drift and supply-chain risk; a lockfile is still required to pin the transitive dependency graph. | Dependencies | exchek-partner-compliance/scripts/package.json |
| LOW | Node lockfile missing. `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution, and install with `npm ci`, which fails rather than silently re-resolving when the lockfile and `package.json` disagree. | Dependencies | exchek-partner-compliance/scripts/package.json |
Full report: https://skillshield.io/report/9290e1786fbe05ac
Powered by SkillShield