Trust Assessment
chill-institute received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Untrusted content instructs LLM to execute shell script".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Untrusted content instructs LLM to execute shell script. The `SKILL.md` file, which is treated as untrusted input, contains an explicit instruction for the LLM (agent) to execute a `bash` script (`skills/putio/scripts/list_transfers.sh`). Executing shell commands directly from untrusted input can lead to command injection if the script itself is vulnerable or if the LLM's execution environment allows for arbitrary command execution based on this instruction. While the content of `list_transfers.sh` is not provided in this context, the instruction to run it originates from untrusted content, posing a significant risk. Avoid instructing the LLM to directly execute shell commands found within untrusted skill documentation. If shell execution is necessary, ensure the command is hardcoded and validated by the skill developer, or use a safer, sandboxed execution environment. The `list_transfers.sh` script should be thoroughly reviewed for vulnerabilities, and its execution should be mediated by a trusted tool call, not a direct `bash` instruction from untrusted markdown. | LLM | SKILL.md:36 |