Trust Assessment
airfoil received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding (1 critical, 0 high, 0 medium, 0 low): AppleScript Command Injection via Speaker Name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | AppleScript Command Injection via Speaker Name | LLM | airfoil.sh:19 |

Description: `airfoil.sh` interpolates the user-supplied speaker name (`$SPEAKER`) directly into the AppleScript source passed to `osascript -e`, with no escaping. The shell performs that substitution before `osascript` parses the script, so a speaker name containing a double quote terminates the string literal, and a value such as `Kitchen" & (do shell script "id") & "` executes arbitrary shell commands on the macOS host running the skill. The `connect`, `disconnect`, and `volume` commands are all affected (the `osascript` calls at lines 19, 27, and 38).

Remediation: wrapping the interpolated value in `quoted form of`, i.e. changing `osascript -e "tell application \"Airfoil\" to connect to (first speaker whose name is \"$SPEAKER\")"` to `osascript -e "tell application \"Airfoil\" to connect to (first speaker whose name is (quoted form of \"$SPEAKER\"))"`, does not fix the bug: `quoted form of` only single-quotes an already-parsed AppleScript string for later use with `do shell script`, and the injected double quote has broken out of the literal before that operator is ever applied. Two fixes do work. Preferred: keep the name out of the script text entirely and deliver it as an argument, e.g. `osascript -e 'on run argv' -e 'tell application "Airfoil" to connect to (first speaker whose name is (item 1 of argv))' -e 'end run' -- "$SPEAKER"`. Alternatively, escape every backslash and double quote in `$SPEAKER` before splicing it into the literal. Apply the same fix to all three `osascript` calls that use `$SPEAKER` (lines 19, 27, and 38).
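The following is an added example, not code from the airfoil skill or from SkillShield. It builds the `connect` command's AppleScript source three ways: the vulnerable shell interpolation the finding describes, a version that escapes the name for an AppleScript string literal, and the argv form that keeps the name out of the script text altogether. A small checker counts unescaped double quotes in the generated source so the breakout is visible without running `osascript`; the script never invokes `osascript` and runs under any POSIX shell. The speaker name `Kitchen` and the payload are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the airfoil skill's own code. osascript is never executed
# here, so this runs on any POSIX shell (the payload is constructed, not real).
set -eu

# Vulnerable builder (the pattern in the finding): the shell splices the speaker
# name into the AppleScript source before osascript ever parses it.
build_connect_vulnerable() {
    printf 'tell application "Airfoil" to connect to (first speaker whose name is "%s")' "$1"
}

# Escape a value for an AppleScript double-quoted string literal. Backslash and
# double quote are the only characters that can break out of the literal;
# backslashes are doubled first so the quote escapes added next are not re-escaped.
applescript_string() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')"
}

# Hardened builder 1: same command, but the name is escaped before splicing.
build_connect_escaped() {
    printf 'tell application "Airfoil" to connect to (first speaker whose name is %s)' \
        "$(applescript_string "$1")"
}

# Hardened builder 2 (preferred): the name never enters the script text; it is
# delivered as an argument and read with `item 1 of argv`. Invoke as:
#   osascript -e "$(connect_script_argv)" -- "$SPEAKER"
connect_script_argv() {
    printf '%s\n' \
        'on run argv' \
        '    tell application "Airfoil" to connect to (first speaker whose name is (item 1 of argv))' \
        'end run'
}

# Count double quotes that are not preceded by a backslash. The intended source
# has exactly four ("Airfoil" and the name literal); more means the value
# terminated the literal and injected its own quoted segments.
count_unescaped_quotes() {
    printf '%s' "$1" | sed 's/\\./_/g' | tr -cd '"' | wc -c | tr -d ' '
}

# Constructed malicious speaker name: closes the literal and chains `do shell script`.
PAYLOAD='Kitchen" & (do shell script "id") & "'

# Demonstration: show both generated sources and their unescaped-quote counts.
printf 'vulnerable (%s quotes): %s\n' \
    "$(count_unescaped_quotes "$(build_connect_vulnerable "$PAYLOAD")")" \
    "$(build_connect_vulnerable "$PAYLOAD")"
printf 'escaped    (%s quotes): %s\n' \
    "$(count_unescaped_quotes "$(build_connect_escaped "$PAYLOAD")")" \
    "$(build_connect_escaped "$PAYLOAD")"
printf 'argv form:\n%s\n' "$(connect_script_argv)"
```

With the payload, the vulnerable source carries eight unescaped quotes and an active `do shell script "id"` call outside any literal; the escaped source carries the expected four, with the payload's quotes neutralised as `\"`. The argv form needs no escaping at all, which is why it is the better fix: there is no string context for a name to escape from, and a name beginning with `-` is still delivered to the script because `--` ends option parsing. `quoted form of` is not a substitute for either approach, since it operates on the string only after AppleScript has already parsed the (already broken) literal.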
Full report: https://skillshield.io/report/106b6945c629966e (powered by SkillShield)