Trust Assessment
brainrepo received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Direct Shell Command Execution and Broad Filesystem Access in User's Home Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Direct Shell Command Execution.** The skill explicitly describes executing shell commands (`mkdir -p`, `git init`, `git add -A`, `git commit`) during its onboarding process. While the paths are described as fixed, the direct execution of shell commands by an AI agent poses a significant risk. If the agent's execution environment is not properly sandboxed, or if any part of these commands could be dynamically influenced by untrusted input (e.g., user-provided project names), it could lead to arbitrary command injection. Even with fixed paths, the capability to run arbitrary shell commands is a powerful primitive that should be carefully controlled. **Recommendation:** Avoid direct shell command execution. If filesystem operations are required, use secure, sandboxed APIs provided by the AI agent platform. If git operations are needed, use a git library or API that does not involve direct shell calls, and ensure all inputs are strictly validated and sanitized. | LLM | SKILL.md:26 |
| MEDIUM | **Broad Filesystem Access in User's Home Directory.** The skill is designed to create, read, and write files and directories within `~/Documents/brainrepo/`. This grants the skill broad access to a significant portion of the user's home directory. While intended for its specific function, this level of access, especially if the AI agent runs with the user's permissions, could be exploited to read or modify other sensitive user data if the skill's logic were compromised or if it were tricked into operating outside its intended `brainrepo` subdirectory. **Recommendation:** Implement strict access controls to limit the skill's filesystem operations only to its designated `brainrepo` directory and its subdirectories. Ensure the AI agent platform provides sandboxing or virtualized filesystem access to prevent unintended access to other parts of the user's system. | LLM | SKILL.md:10 |