Trust Assessment
bridle received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 6 critical, 7 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: AI agent config", and "Arbitrary code installation from untrusted GitHub repositories".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/bjesuiter/bridle/SKILL.md:105 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/bjesuiter/bridle/SKILL.md:114 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/bjesuiter/bridle/SKILL.md:115 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/bjesuiter/bridle/SKILL.md:116 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/bjesuiter/bridle/SKILL.md:117 |
| CRITICAL | Arbitrary code installation from untrusted GitHub repositories. The `bridle install owner/repo` command allows users to install skills, agents, commands, and MCPs from any specified GitHub repository. This functionality enables the installation and potential execution of arbitrary code from untrusted or malicious sources, posing a severe supply chain risk. An attacker could publish a malicious repository and trick users into installing it, leading to system compromise or data exfiltration. Implement a curated list of trusted repositories, require explicit user confirmation for installations from untrusted sources, or implement sandboxing for installed components to limit their capabilities. | LLM | SKILL.md:69 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bjesuiter/bridle/SKILL.md:105 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bjesuiter/bridle/SKILL.md:114 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bjesuiter/bridle/SKILL.md:115 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bjesuiter/bridle/SKILL.md:116 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bjesuiter/bridle/SKILL.md:117 |
| HIGH | Command Injection via configurable editor. The `bridle` tool allows setting an arbitrary `editor` command via `bridle config set editor <value>`. When `bridle profile edit <harness> <name>` is used, this configured editor is likely executed with the profile file as an argument. An attacker or a compromised configuration could set `editor` to a malicious script or command, leading to arbitrary code execution when `bridle profile edit` is invoked. Sanitize or restrict the `editor` configuration value to known safe executables. Alternatively, provide a mechanism to confirm execution of untrusted commands or use a secure, internal file editing mechanism. | LLM | SKILL.md:90 |
| HIGH | Unpinned dependencies for tool installation. The installation methods (`brew install neiii/bridle/bridle` and `cargo install bridle`) for the `bridle` tool do not specify a version or commit hash. This allows for automatic installation of the latest version, which could introduce malicious code if the upstream repository or package registry is compromised. Users would unknowingly install a compromised version of the `bridle` tool. Recommend installing specific versions (e.g., `brew install neiii/bridle/bridle@1.2.3` or `cargo install bridle --version 1.2.3`) or provide instructions for verifying checksums to ensure integrity. | LLM | SKILL.md:20 |
| MEDIUM | Exposure of sensitive configuration data. The `bridle profile show` and `bridle config get` commands can display sensitive configuration details, including potentially API keys, tokens, or other credentials used by AI coding assistants. If these commands are executed in insecure environments (e.g., shared terminals, logs), or if the output is not properly masked/secured, it could lead to credential harvesting or data exfiltration. Implement masking or redaction for sensitive fields in command output. Advise users to exercise caution when displaying configuration details in shared or logged environments and to secure their terminal history. | LLM | SKILL.md:49 |