Trust Assessment
agent-constitution received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via Unsanitized User Input in Shell Commands, Reliance on Unaudited Local Shell Scripts, and Implicit Requirement for Broad Shell Execution Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized User Input in Shell Commands.** The skill provides `bash` command examples that take user-supplied arguments (e.g., `<agentId>`, `<actionType>`, `<description>`). If an AI agent constructs these commands by directly embedding untrusted user input into the placeholders without proper sanitization or quoting, it could lead to command injection. This is particularly concerning for the custom shell scripts (`./scripts/*.sh`) whose internal argument handling is unknown, but also applies to `cast` commands if arguments are not correctly escaped. The skill explicitly instructs the execution of these patterns. Instruct the AI agent to sanitize and properly quote/escape all user-provided arguments before embedding them into shell commands. For custom scripts, ensure the scripts themselves robustly handle and sanitize all input arguments. | LLM | SKILL.md:78 |
| MEDIUM | **Reliance on Unaudited Local Shell Scripts.** The skill instructs the execution of local shell scripts (e.g., `./scripts/check-compliance.sh`, `./scripts/get-rules.sh`, `./scripts/log-action.sh`). The content and security posture of these scripts are not provided or auditable within the skill package. This introduces a supply chain risk, as an AI agent using this skill would be executing external, unaudited code, which could contain vulnerabilities or malicious logic. Provide the source code for all referenced local scripts within the skill package, or clearly document their expected functionality and security guarantees. Alternatively, replace script calls with direct `cast` commands or other auditable, self-contained logic. | LLM | SKILL.md:20 |
| LOW | **Implicit Requirement for Broad Shell Execution Permissions.** The skill's functionality relies on the AI agent having the ability to execute arbitrary shell commands (e.g., `cast`, custom `./scripts/*.sh`). While these permissions are necessary for the skill to operate as described, they are broad and could be exploited if the agent's execution environment is not properly sandboxed or if command injection vulnerabilities exist. The use of `$AGENT_PRIVATE_KEY` also implies access to sensitive environment variables. Ensure the AI agent's execution environment is strictly sandboxed, limiting its access to only necessary commands and resources. Implement robust input validation and sanitization for all shell commands. Consider using more constrained execution methods if possible. | LLM | SKILL.md:78 |