Trust Assessment
change-pdf-permissions received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send. Function 'create_job' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/crossservicesolutions/change-pdf-permissions/scripts/change-pdf-permissions.py:81 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/crossservicesolutions/change-pdf-permissions/scripts/change-pdf-permissions.py:21 |
| MEDIUM | Unpinned Python dependency version. Requirement 'requests>=2.32.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/crossservicesolutions/change-pdf-permissions/requirements.txt:1 |
| MEDIUM | Arbitrary File Read via PDF Path. The skill is designed to process a user-provided PDF file. It declares 'files' permission and uses `open(pdf_path, 'rb')` to read the file specified by the `--pdf` argument. While the skill includes a basic `is_pdf_file` check (which only validates the file extension), it does not perform robust content-type validation. An attacker could manipulate the agent to provide a path to an arbitrary sensitive file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) instead of a PDF. The skill would then read the content of this arbitrary file and attempt to upload it to the external API, potentially leading to data exfiltration, even if the API rejects it as a non-PDF. Implement robust content-type validation (e.g., by reading magic bytes or using a library like `python-magic`) to ensure the file is indeed a PDF before reading and uploading its contents. Additionally, consider restricting the filesystem scope if the agent environment allows for it, or sanitizing the `pdf_path` argument more rigorously. | LLM | scripts/change-pdf-permissions.py:94 |
| LOW | Unpinned Dependency in requirements.txt. The `requirements.txt` file specifies `requests>=2.32.0`. This uses a minimum version specifier rather than an exact pinned version. This can lead to non-deterministic builds, where future installations might pull in newer, potentially incompatible, or vulnerable versions of the `requests` library. While `requests` is a widely used and generally trusted library, unpinned dependencies introduce a supply chain risk. Pin the exact version of the `requests` library (e.g., `requests==2.32.3`) to ensure deterministic and secure builds. Regularly review and update pinned dependencies to incorporate security patches. | LLM | requirements.txt:1 |