Trust Assessment
arb-injection received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Skill instructs agent to execute arbitrary shell commands for maintenance", "Skill requires broad system execution permissions for maintenance", and "Potential for unpinned dependencies in `npm install`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs agent to execute arbitrary shell commands for maintenance.** The skill's `SKILL.md` explicitly instructs the agent to perform `git pull origin main` and `npm install` for daily maintenance. If the agent is configured to follow these instructions, it will execute these shell commands. This creates a command injection vulnerability, as a compromised skill definition could lead to the execution of arbitrary commands on the host system. Agent platforms should not directly execute shell commands described in skill documentation. Instead, they should use sandboxed environments or dedicated, platform-native update mechanisms. If shell execution is unavoidable, commands should be strictly whitelisted and parameters sanitized. | LLM | SKILL.md:110 |
| MEDIUM | **Skill requires broad system execution permissions for maintenance.** The skill's `SKILL.md` explicitly instructs the agent to perform `git pull origin main` and `npm install` for daily maintenance. This implies the agent running the skill must have permissions to execute `git` and `npm` commands, which are broad system-level commands. Granting such broad permissions to an automated agent increases the attack surface if the skill or its dependencies are compromised. Implement a more granular permission model for skill execution. If updates are required, consider sandboxed environments or dedicated update services that do not grant full shell access to the skill's runtime. Use platform-specific update mechanisms if available. | LLM | SKILL.md:110 |
| MEDIUM | **Potential for unpinned dependencies in `npm install`.** The skill's installation and maintenance instructions include `npm install`. Without a `package-lock.json` file or explicit version pinning in `package.json`, this command can lead to non-deterministic builds and introduce vulnerabilities if a dependency is compromised or updated with breaking/malicious changes. This is a common supply chain risk in Node.js projects. Ensure all dependencies in `package.json` are explicitly pinned to exact versions. Commit `package-lock.json` to the repository to guarantee deterministic builds. Consider using a dependency vulnerability scanner. | LLM | SKILL.md:112 |