Trust Assessment
big-data-analysis received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Arbitrary File Read via Parquet Loader", and "Arbitrary File Read via CSV Stream Processor".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via Parquet Loader.** The `load_from_parquet` method allows reading data from an arbitrary file path specified by the `path` argument. If an attacker can control this argument, they could read sensitive files from the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), leading to data exfiltration. The skill does not implement any path validation or sandboxing for this input. Implement strict path validation to ensure `path` refers only to allowed data directories. Consider sandboxing the execution environment or using a virtual filesystem. Avoid directly passing untrusted user input to file path arguments. | LLM | SKILL.md:104 |
| HIGH | **Arbitrary File Read via CSV Stream Processor.** The `stream_process` method allows reading data from an arbitrary CSV file path specified by the `file_path` argument. If an attacker can control this argument, they could read sensitive files from the system, leading to data exfiltration. The skill does not implement any path validation or sandboxing for this input. Implement strict path validation to ensure `file_path` refers only to allowed data directories. Consider sandboxing the execution environment or using a virtual filesystem. Avoid directly passing untrusted user input to file path arguments. | LLM | SKILL.md:109 |
| HIGH | **Arbitrary File Write via Excel Export.** The `export_analysis` method allows writing analysis results to an arbitrary file path specified by the `output_path` argument. If an attacker can control this argument, they could overwrite existing system files, write data to sensitive locations, or exfiltrate data by writing to publicly accessible directories. The skill does not implement any path validation or sandboxing for this input. Implement strict path validation to ensure `output_path` refers only to allowed output directories. Consider sandboxing the execution environment or using a virtual filesystem. Avoid directly passing untrusted user input to file path arguments. | LLM | SKILL.md:285 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/big-data-analysis/SKILL.md:1 |