Trust Assessment
branch-namer received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, User input directly passed to LLM without sanitization, LLM-generated output used in shell command without validation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | User input directly passed to LLM without sanitization The `description` argument, which is user-controlled input, is directly incorporated into the LLM's prompt as a user message. This allows for prompt injection attacks where a malicious user could attempt to override the system instructions, extract the system prompt, or manipulate the LLM's behavior to generate unintended or harmful output. Implement robust input validation and sanitization for the `description` before it is sent to the LLM. Consider using techniques like prompt templating with strict variable insertion, or a separate LLM call to validate/sanitize the user input. Additionally, implement output validation to ensure the LLM's response adheres to expected formats. | LLM | src/index.ts:12 | |
| HIGH | LLM-generated output used in shell command without validation The `branchName` generated by the LLM is directly passed to `simpleGit().checkoutLocalBranch()`. While `simple-git` typically uses `child_process.spawn` which prevents direct shell command injection, a malicious prompt injection could coerce the LLM into generating a `branchName` that includes valid git arguments (e.g., `feat/my-feature --orphan`) or other characters that could alter the intended `git checkout` command's behavior. This could lead to unintended repository state changes or other undesirable side effects. Implement strict validation of the `branchName` returned by the LLM. This validation should ensure the branch name adheres to a predefined regex pattern for valid git branch names, disallowing any characters or patterns that could be interpreted as git command arguments or shell metacharacters. For example, a regex like `^[a-zA-Z0-9\/\-]{1,50}$` could be a starting point, further refined by git's specific rules. | LLM | src/index.ts:26 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/branch-namer/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/43e56a89c7acaa6d)
Powered by SkillShield