Trust Assessment
apple-photos received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 10 findings: 2 critical, 6 high, 2 medium, and 0 low severity. Key findings include Excessive Permissions: Full Disk Access, SQL Injection via UUID in photos-export.sh, Shell Command Injection via Output Path in photos-export.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Shell Command Injection via Output Path in photos-export.sh The user-supplied output path (`$2` or `OUTPUT`) is directly used in shell commands like `mkdir -p`, `magick`, `convert`, `sips`, and `cp`. If the `OUTPUT` variable contains shell metacharacters (e.g., `$(command)`, `;`, `|`, `&`, `>`), an attacker can execute arbitrary shell commands or write files to arbitrary locations on the system, leading to full system compromise given 'Full Disk Access'. Strictly validate and sanitize the `OUTPUT` path to ensure it is a safe, non-malicious file path. Use `printf %q` to properly quote the path when passing it to shell commands, or use a safer API that doesn't involve direct shell execution for path handling. | LLM | scripts/photos-export.sh:39 | |
| CRITICAL | AppleScript Injection via Query in photos-search-content.sh The user-supplied `QUERY` (`$1`) is directly embedded into an `osascript` command string. AppleScript allows execution of arbitrary shell commands via `do shell script`. An attacker can inject malicious AppleScript code (e.g., by crafting `QUERY` to include `" & do shell script "rm -rf /" & "`) to execute arbitrary commands on the user's system, leading to full system compromise. Sanitize the `$QUERY` variable by escaping all double quotes and other AppleScript metacharacters before embedding it into the `osascript` string. A robust solution would be to use `quoted form of` in AppleScript or pass the query via a safer mechanism. | LLM | scripts/photos-search-content.sh:19 | |
| HIGH | Excessive Permissions: Full Disk Access The skill requires 'Full Disk Access' for the terminal. While this may be necessary for Photos.app integration, it grants any script executed by the terminal (including potentially vulnerable ones within this skill) unrestricted read/write access to all user files and system directories. This significantly escalates the impact of any command injection or data exfiltration vulnerabilities. Acknowledge the elevated risk. Ensure all scripts are thoroughly sanitized against command injection and data exfiltration. If possible, explore more granular permissions or sandboxing mechanisms. | LLM | SKILL.md:7 | |
| HIGH | SQL Injection via UUID in photos-export.sh The user-supplied UUID (`$1`) is directly concatenated into an SQLite query without proper sanitization. An attacker can inject malicious SQL commands by crafting the UUID argument, potentially leading to data exfiltration, modification, or denial of service within the Photos database. Sanitize the `$UUID` variable by escaping single quotes or, preferably, use `sqlite3`'s parameter binding feature to prevent SQL injection. For example, `sqlite3 "$PHOTOS_DB" "SELECT ZFILENAME, ZDIRECTORY FROM ZASSET WHERE ZUUID = ? AND ZTRASHEDSTATE = 0 LIMIT 1;" "$UUID"`. | LLM | scripts/photos-export.sh:20 | |
| HIGH | SQL Injection via UUID in photos-info.sh The user-supplied UUID (`$1`) is directly concatenated into an SQLite query without proper sanitization. An attacker can inject malicious SQL commands by crafting the UUID argument, potentially leading to data exfiltration, modification, or denial of service within the Photos database. Sanitize the `$UUID` variable by escaping single quotes or, preferably, use `sqlite3`'s parameter binding feature to prevent SQL injection. For example, `sqlite3 -separator '|' "$PHOTOS_DB" "SELECT ... FROM ZASSET WHERE ZUUID = ? AND ZTRASHEDSTATE = 0 LIMIT 1;" "$UUID"`. | LLM | scripts/photos-info.sh:20 | |
| HIGH | AppleScript Injection via Limit in photos-search-content.sh The user-supplied `LIMIT` (`$2`) is directly embedded into an `osascript` command string. Although expected to be an integer, if not strictly validated, an attacker could inject malicious AppleScript code, similar to the `QUERY` vulnerability, potentially leading to arbitrary command execution. Strictly validate that `$LIMIT` is an integer before embedding it into the `osascript` string. If it must be a string, sanitize it by escaping all double quotes and other AppleScript metacharacters. | LLM | scripts/photos-search-content.sh:22 | |
| HIGH | SQL Injection via Name in photos-search-person.sh The user-supplied `NAME` (`$1`) is directly concatenated into an SQLite `LIKE` query without proper sanitization. An attacker can inject malicious SQL commands by crafting the `NAME` argument (e.g., `%' OR 1=1 --`), potentially leading to data exfiltration or manipulation within the Photos database. Sanitize the `$NAME` variable by escaping single quotes and percent signs for use in `LIKE` clauses, or use `sqlite3`'s parameter binding feature if supported for `LIKE` patterns. | LLM | scripts/photos-search-person.sh:20 | |
| HIGH | SQL Injection via Person IDs and Limit in photos-search-person.sh The `PERSON_IDS` variable, derived from a previous SQL query that uses user input (`NAME`), is directly inserted into a subsequent SQL `IN` clause. If the initial `NAME` input was malicious, this creates a second-order SQL injection. Additionally, the `LIMIT` variable is directly inserted without sanitization. An attacker could exploit this to exfiltrate or manipulate data. Ensure the `$NAME` variable is properly sanitized in the first query to prevent `PERSON_IDS` from becoming malicious. Strictly validate that `$LIMIT` is an integer before embedding it into the SQL query. | LLM | scripts/photos-search-person.sh:31 | |
| MEDIUM | Potential SQL Injection via Count in photos-recent.sh The user-supplied `COUNT` (`$1`) is directly concatenated into an SQLite `LIMIT` clause. While `LIMIT` typically expects an integer, if `COUNT` is not strictly validated as a number, an attacker could potentially inject malicious SQL, leading to unexpected query behavior or denial of service. Strictly validate that `$COUNT` is an integer before embedding it into the SQL query. For example, use a regex check or shell arithmetic to ensure it's a number. | LLM | scripts/photos-recent.sh:20 | |
| MEDIUM | Potential SQL Injection via Date/Limit in photos-search-date.sh The `start_apple`, `end_apple`, and `LIMIT` variables are directly concatenated into an SQLite query. While these are expected to be integers derived from date parsing, if the date parsing fails or is bypassed, or if `LIMIT` is not strictly validated, an attacker could potentially inject malicious SQL, leading to unexpected query behavior or denial of service. Strictly validate that `start_apple`, `end_apple`, and `LIMIT` are integers before embedding them into the SQL query. Ensure robust error handling for date parsing. | LLM | scripts/photos-search-date.sh:40 |
Scan History
Embed Code
[](https://skillshield.io/report/6824be2b96c620b9)
Powered by SkillShield