Security Audit
openant-ai/openant-skills:skills/team-task-dispatch
github.com/openant-ai/openant-skills
Trust Assessment
openant-ai/openant-skills:skills/team-task-dispatch received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The high-severity finding is that unrestricted Bash arguments allow command injection; the medium-severity finding is an unpinned dependency in the `npx` command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 5, 2026 (commit 0ad72002). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unrestricted Bash arguments allow command injection.** The `allowed-tools` manifest permits `Bash` commands with a `*` wildcard after `npx @openant-ai/cli@latest <command>`. This allows arbitrary arguments to be passed to the shell, including shell metacharacters (e.g., `;`, `&`, `|`, `$(...)`), which leads to command injection if user-controlled input is not sanitized or escaped before it reaches the `npx` command. An attacker could craft malicious input for parameters such as `taskId`, `subtaskId`, `title`, `description`, or `comment` to execute arbitrary commands on the host system. Recommendation: restrict the `allowed-tools` permissions to specific arguments or patterns, or ensure that the LLM's tool execution environment escapes every user-provided argument before passing it to the shell. For example, instead of `*`, specify the allowed flags and argument types, or use a more constrained execution environment than raw Bash. | Static | SKILL.md:1 |
| MEDIUM | **Unpinned dependency in `npx` command.** The skill uses `npx @openant-ai/cli@latest` to execute its commands. Relying on the `@latest` tag means that any new version published by the package maintainers (or by an attacker who compromises the package) is automatically downloaded and executed. This is a supply chain risk: a malicious update to `@openant-ai/cli` could lead to arbitrary code execution on the agent's host. Recommendation: pin the dependency to a specific version (e.g., `npx @openant-ai/cli@1.2.3`) or a specific major/minor range (e.g., `npx @openant-ai/cli@^1.2.0`) so that only vetted code runs, and review and update the pinned version regularly. | Static | SKILL.md:10 |
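The following is an added example, not code from the audited skill or from SkillShield. It implements a small linter for the two findings above, run over a constructed `SKILL.md` frontmatter, and shows the single-quoting that the HIGH finding's recommendation calls for when a shell string cannot be avoided. The `allowed-tools` syntax (`Bash(<command pattern>)`, space-separated specs), the `--taskId`/`--title` flag names, and the pinned version `1.2.3` are assumptions for illustration, not taken from the project.

```javascript
// Added example (not from the audited skill or SkillShield): a linter for the two
// findings on this page, plus a quoting helper. The `allowed-tools` syntax below
// (`Bash(<pattern>)`, space-separated) is an assumed manifest format.

// Constructed sample manifests: the weak form the findings describe, and a
// hardened form (pinned version, no trailing wildcard) for comparison.
const WEAK_SKILL_MD = `---
name: team-task-dispatch
allowed-tools: Bash(npx @openant-ai/cli@latest *) Read
---
# team-task-dispatch
`;

const HARDENED_SKILL_MD = `---
name: team-task-dispatch
allowed-tools: Bash(npx @openant-ai/cli@1.2.3 task list) Read
---
`;

// Pull the `allowed-tools` value out of the YAML frontmatter and split it into
// tool specs, keeping `Bash(...)` groups together even though they contain spaces.
function parseAllowedTools(skillMd) {
  const fm = skillMd.match(/^---\n([\s\S]*?)\n---/);
  if (!fm) return [];
  const line = fm[1].split('\n').find(l => l.startsWith('allowed-tools:'));
  if (!line) return [];
  const value = line.slice('allowed-tools:'.length).trim();
  return value.match(/[A-Za-z]+\([^)]*\)|\S+/g) || [];
}

// npm dist-tags that float: any of these, or no version at all, is unpinned.
const FLOATING_TAGS = new Set(['latest', 'next', 'beta', 'alpha', 'canary']);

// Matches `npx <pkg>[@<version>]`, including scoped packages like @openant-ai/cli.
const NPX_SPEC = /\bnpx\s+(@?[\w.-]+(?:\/[\w.-]+)?)(?:@(\S+))?/;

function auditAllowedTools(skillMd) {
  const findings = [];
  for (const spec of parseAllowedTools(skillMd)) {
    const bash = spec.match(/^Bash\((.*)\)$/);
    if (!bash) continue;
    const pattern = bash[1].trim();

    // Finding 1: a bare `*` as the final token lets any argument string through,
    // so any shell metacharacter the model emits reaches the shell.
    if (/(^|\s)\*$/.test(pattern)) {
      findings.push({ severity: 'HIGH', rule: 'unrestricted-bash-args', spec });
    }

    // Finding 2: `npx pkg@latest` (or no version) resolves to whatever is on the
    // registry at run time, so a malicious publish executes on the agent host.
    const npx = pattern.match(NPX_SPEC);
    if (npx) {
      const version = npx[2];
      if (version === undefined || FLOATING_TAGS.has(version)) {
        findings.push({ severity: 'MEDIUM', rule: 'unpinned-npx-dependency', spec, package: npx[1] });
      }
    }
  }
  return findings;
}

// Mitigation for finding 1 when a shell string is unavoidable: POSIX single-quoting.
// Inside single quotes nothing is special except `'`, which is closed, escaped, reopened.
function shellQuote(arg) {
  return "'" + String(arg).replace(/'/g, "'\\''") + "'";
}

// Builds the command the finding describes with every user-influenced field quoted
// and the package version pinned. Flag names and version are illustrative assumptions.
function buildTaskCommand(subcommand, fields) {
  const args = Object.entries(fields).map(([k, v]) => `--${k} ${shellQuote(v)}`);
  return ['npx', '@openant-ai/cli@1.2.3', subcommand, ...args].join(' ');
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(auditAllowedTools(WEAK_SKILL_MD));      // HIGH + MEDIUM
  console.log(auditAllowedTools(HARDENED_SKILL_MD));  // []
  console.log(buildTaskCommand('update', { taskId: 'T-1', title: 'x; id $(whoami)' }));
}
```

Quoting is the fallback, not the fix: the linter's `unrestricted-bash-args` rule is what makes the manifest safe, because a pattern without a trailing `*` never grants the shell more than the listed tokens. If the execution environment passes arguments as an argv array rather than a shell string, `shellQuote` is unnecessary; it is shown here for the case the finding describes, where `npx` is invoked through raw Bash.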
Full report: https://skillshield.io/report/69f71f9467d53941 (powered by SkillShield)