Trust Assessment
adr-gen received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Potential Command Injection and Path Traversal via `npx` arguments" (high) and "Unpinned `npx` dependency allows execution of latest version" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection and Path Traversal via `npx` arguments. The skill demonstrates and encourages the use of `npx ai-adr` with arguments, including a decision statement and an `--output` file path. If these arguments are derived from untrusted user input without proper sanitization, a malicious user could inject arbitrary shell commands (e.g., `'; rm -rf /; #'`) or perform path traversal (e.g., `--output ../../../etc/passwd`) to write to arbitrary locations on the filesystem. The LLM's execution environment must prevent direct interpolation of untrusted input into shell commands. Recommendation: the LLM execution environment must strictly sanitize or escape all user-provided arguments before passing them to `npx` or any other shell command. This includes validating file paths to prevent path traversal. Alternatively, use a safer execution method that does not involve direct shell interpolation. | LLM | SKILL.md:15 |
| MEDIUM | Unpinned `npx` dependency allows execution of latest version. The skill instructs users to run `npx ai-adr` without specifying a version. `npx` by default fetches and executes the latest available version of the package from the npm registry. This introduces a supply chain risk: if a malicious actor gains control of the `ai-adr` package on npm, they could publish a compromised version, which would then be automatically executed by anyone using this skill. Recommendation: pin the dependency to a specific version (e.g., `npx ai-adr@1.0.0`) to ensure deterministic execution and prevent automatic updates to potentially malicious versions. Users should also audit the `ai-adr` package before use. | LLM | SKILL.md:15 |