Trust Assessment
anylist received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input to `anylist` CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized user input to `anylist` CLI The skill's primary function involves executing the `anylist` command-line interface with arguments derived from user input (e.g., list names, item names, categories, quantities). If these user-provided strings are not properly sanitized and shell-escaped before being passed to a shell for execution, an attacker could inject arbitrary shell commands. For example, a malicious user could provide an item name like `"Milk"; rm -rf /` which, if unescaped, would execute `rm -rf /` on the host system, leading to arbitrary code execution. Implement robust input sanitization and shell escaping for all user-provided arguments before constructing and executing `anylist` commands. Use a safe command execution mechanism that prevents shell interpretation of argument values. For example, pass arguments as a list to `subprocess.run()` in Python, or ensure proper quoting/escaping if using `shell=True`. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/96e0bdf1f2ecaef9)
Powered by SkillShield