Security Audit
openant-ai/openant-skills:skills/create-task
github.com/openant-ai/openant-skills
Trust Assessment
openant-ai/openant-skills:skills/create-task received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via User-Controlled Arguments and Unpinned Dependency in CLI Tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 5, 2026 (commit 0ad72002). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User-Controlled Arguments: The skill's `allowed-tools` grant broad `Bash` execution permissions for `npx @openant-ai/cli@latest` commands, allowing arbitrary arguments (e.g., `Bash(npx @openant-ai/cli@latest tasks create *)`). The skill's documentation shows that user-controlled strings (like `--title`, `--description`, `--tags`, `--prompt`) are passed as arguments to these commands. If the agent or the underlying shell execution environment does not properly sanitize or escape these user-provided strings before execution, a malicious user could inject arbitrary shell commands. For example, an attacker could craft a title like `"My Title; rm -rf /"` to execute arbitrary commands. Remediation: Implement robust input sanitization and escaping for all user-provided arguments before constructing and executing shell commands. Consider using a library or framework that automatically handles shell escaping. If possible, restrict the `*` wildcard in `allowed-tools` to a more specific set of expected arguments or patterns, or use a more secure execution mechanism than direct `Bash` invocation for user-controlled inputs. | Static | Manifest:1 |
| MEDIUM | Unpinned Dependency in CLI Tool: The skill explicitly uses `npx @openant-ai/cli@latest` in its commands. Relying on `@latest` for a critical CLI tool introduces a supply chain risk. If a malicious update to the `@openant-ai/cli` package is published, the agent would automatically download and execute the compromised version without explicit review, potentially leading to arbitrary code execution or data exfiltration. Remediation: Pin the version of `@openant-ai/cli` to a specific, known-good version (e.g., `npx @openant-ai/cli@1.2.3`). Regularly review and manually update the pinned version after verifying its integrity and security. This prevents automatic execution of potentially malicious future releases. | Static | SKILL.md:5 |