Trust Assessment
code-formatter received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Dangerous tool allowed: Bash" and "Command Injection via Bash permission and unsanitized user input/environment variables".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Bash permission and unsanitized user input/environment variables.** The skill declares `Bash` as an allowed tool in its manifest, granting it the ability to execute arbitrary shell commands. The untrusted `SKILL.md` content indicates the skill processes user-provided file paths (e.g., 'Format the src/index.js file') and environment variables (`PRETTIER_CONFIG`, `ESLINT_CONFIG`) which can specify file paths. If these inputs are not rigorously sanitized and escaped before being passed to shell commands, a malicious user could inject arbitrary commands. This could lead to remote code execution, data exfiltration (e.g., `cat /etc/passwd`), or system compromise. The `Write` permission further exacerbates this risk by allowing arbitrary file modification or deletion. Recommendations: 1. **Input Sanitization**: Implement robust validation and sanitization for all user-provided strings and environment variable values used in shell commands. Avoid direct concatenation of user input into shell commands. 2. **Least Privilege**: Re-evaluate the necessity of raw `Bash` access. If shell execution is required, consider using a more constrained execution environment or specific, hardened tool calls (e.g., `execv` with a fixed command and arguments) instead of general `Bash`. 3. **Escaping**: Use libraries or functions that automatically handle shell escaping for arguments passed to external commands. 4. **Environment Variables**: Ensure that paths provided via environment variables are validated to prevent path traversal or command injection. | LLM | SKILL.md:1 |
| HIGH | **Dangerous tool allowed: Bash.** The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | skills/0xnagato/skill-porter/examples/before-after/code-formatter-converted/SKILL.md:1 |