Trust Assessment
caffeine received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `caffeinate` with user-provided command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via `caffeinate` with user-provided command. The skill provides an example of using `caffeinate -i -- [command]` to keep the system awake while another command runs. This pattern, found in the macOS section, allows for the execution of an arbitrary command specified after `--`. If an AI agent substitutes `[command]` with unsanitized user input, it could lead to arbitrary command execution on the host system, allowing an attacker to run malicious code. When an AI agent generates or executes commands based on this pattern, it must ensure that any user-provided command arguments are rigorously sanitized or validated to prevent shell injection. Consider using a safer execution mechanism that explicitly separates commands from their arguments, or implement robust escaping of shell metacharacters for user input. | LLM | SKILL.md:60 |