Trust Assessment
canva received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 0 high, 2 medium, and 1 low severity. Key findings include "Sensitive environment variable access: $HOME", "Node lockfile missing", and "Unsanitized user input in 'autofill' command leads to command injection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized user input in 'autofill' command leads to command injection. The `canva.sh` script's `autofill` command takes user-provided JSON data as its third argument (`$3`). This argument is directly embedded into a string that forms the request body for a `curl` command. If `$3` contains shell metacharacters (e.g., `$(command)` or backticks), the shell will execute these commands before `curl` is invoked, leading to arbitrary command execution on the host system. The vulnerability occurs when constructing the JSON payload at line 79, which is then used in the `api` function's `curl -d` call at line 30. The user-provided JSON data (`$3`) must be properly escaped to prevent shell expansion before being passed to `curl`. A robust solution involves validating the input to ensure it does not contain shell metacharacters or using `printf %q` to escape the argument if it must be embedded directly into a shell string. For JSON data, consider using `jq --argjson` to safely construct the payload, e.g., `JSON_PAYLOAD=$(jq -n --arg template_id "$2" --argjson user_data "$3" '{brand_template_id: $template_id, data: $user_data}')`. | LLM | scripts/canva.sh:79 |
| CRITICAL | Unsanitized file path in 'upload' command leads to command injection. The `canva.sh` script's `upload` command takes a user-provided file path as its second argument (`$2`). This argument is then directly used in `curl --data-binary "@$2"`. If `$2` contains shell metacharacters (e.g., `$(command)` or backticks), the shell will execute these commands before `curl` is invoked, leading to arbitrary command execution on the host system. The user-provided file path (`$2`) must be properly escaped to prevent shell expansion before being passed to `curl`. A robust solution involves using `printf %q` to escape the argument for the shell, or validating the input to ensure it is a safe file path and does not contain shell metacharacters. | LLM | scripts/canva.sh:90 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abgohel/canva/scripts/canva-auth.sh:12 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abgohel/canva/scripts/canva.sh:7 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/abgohel/canva/package.json |