Trust Assessment
a2a-lite received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection in format_message.sh, Command Injection in parse_message.sh via command substitution, JSON Injection in parse_message.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection in format_message.sh The `format_message.sh` script directly interpolates user-provided arguments (`TYPE` and `PARAMS`) into an `echo` command without proper escaping. An attacker can inject shell metacharacters into the `TYPE` or `PARAMS` arguments, leading to arbitrary command execution on the host system. For example, if `TYPE` is `discover; rm -rf /`, the `rm -rf /` command would be executed. Sanitize or escape all user-provided input before interpolating it into shell commands. Consider using `printf %q` for shell-safe quoting or ensure that the variables are strictly validated against an allow-list of characters. Alternatively, use a safer method for constructing the string that does not involve direct shell interpolation of untrusted input. | LLM | scripts/format_message.sh:22 | |
| CRITICAL | Command Injection in parse_message.sh via command substitution The `parse_message.sh` script uses command substitution (`$(...)`) with untrusted input (`MESSAGE`, `HEADER_LINE`, `HEADER_CONTENT`) in several places. If the input message contains shell metacharacters like backticks (`` ` ``) or `$()`, an attacker can inject and execute arbitrary commands. For example, if `MESSAGE` contains `[A2A:type param=$(id)]`, the `id` command would be executed when `HEADER_CONTENT` is processed in the `for param in $(echo "$HEADER_CONTENT" | grep ...)` loop. Avoid using direct command substitution with untrusted input. If parsing is necessary, use safer methods that do not involve re-evaluating the input as shell commands. For example, use `read` with appropriate delimiters or parse the string character by character in a controlled environment. Ensure all variables holding untrusted data are properly quoted when used in commands. | LLM | scripts/parse_message.sh:15 | |
| HIGH | JSON Injection in parse_message.sh The `parse_message.sh` script constructs a JSON string (`PARAMS_JSON`) by directly concatenating `key` and `value` extracted from user input without proper JSON escaping. If `key` or `value` contain double quotes (`"`) or backslashes (`\`), the resulting JSON string will be malformed, potentially leading to parsing errors or, in a worst-case scenario, JSON injection if the consumer of this JSON string is vulnerable to such attacks (e.g., `eval`ing the JSON). Properly escape `key` and `value` before concatenating them into the JSON string. A robust solution would be to use a dedicated JSON parsing/generation tool (like `jq`) for the entire process, or implement a function to escape special characters (`"`, `\`, etc.) according to JSON standards. | LLM | scripts/parse_message.sh:30 |
Scan History
Embed Code
[](https://skillshield.io/report/b60bd53a0a74e4c8)
Powered by SkillShield