Trust Assessment
coder-workspaces received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `coder ssh` arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via `coder ssh` arguments. The skill documents the use of `coder ssh <workspace> -- <command>`, which allows executing arbitrary commands within a Coder workspace. If the AI agent constructs the `<command>` argument directly from untrusted user input without proper sanitization, a malicious user could inject arbitrary shell commands. While the skill notes that commands execute in isolated, governed Coder workspaces, this still represents a significant security risk within that environment, potentially leading to data exfiltration or unauthorized actions within the workspace. Implement robust input validation and sanitization for any user-provided arguments that are passed to the `coder ssh -- <command>` part. Specifically, ensure that the `<command>` argument is either strictly whitelisted, properly escaped for shell execution, or executed in a highly restricted environment. The LLM should be instructed to never directly pass unsanitized user input as the `<command>` argument. | LLM | SKILL.md:37 |