Trust Assessment
calorie-counter received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in Shell Commands. The skill's instructions in `SKILL.md` guide the agent to construct and execute shell commands using user-provided string inputs, specifically for the `add` command (e.g., `food_name`). If the agent directly embeds unsanitized user input into the command string without proper shell escaping, a malicious user could inject arbitrary shell commands. For instance, if a user provides `food_name` as `"sandwich"; rm -rf /; echo "` and the agent merely wraps it in quotes, the `rm -rf /` command could be executed by the shell. The agent responsible for executing this skill must ensure that all user-provided string arguments (like `food_name`) are rigorously sanitized and properly shell-escaped before being incorporated into the command string. Using a function like `shlex.quote()` in Python or passing arguments as a list to `subprocess.run(..., shell=False)` is recommended to prevent shell metacharacter interpretation. | LLM | SKILL.md:59 |