Trust Assessment
coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution via 'command' parameter, Instruction to use dangerous '--yolo' flag with Codex, Unpinned npm dependency for Pi Coding Agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via 'command' parameter | The skill instructs users to provide arbitrary commands to external agents (Codex, Claude, OpenCode, Pi) via the `command` parameter of the `bash` tool. If the string provided to this `command` parameter contains shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`, `` ` ``), it can lead to arbitrary command execution on the host system. The skill provides multiple examples where user-controlled strings are passed directly to this parameter, which is then executed by `bash`. The `bash` tool's implementation should sanitize or escape the `command` argument before execution, or use a safer execution method that does not involve `bash -c` for the user-provided part of the command. Alternatively, if the `command` parameter is intended to be a full shell command, the skill should explicitly warn about the dangers and instruct users on proper escaping for user-controlled sub-parts. | LLM | SKILL.md:17 |
| HIGH | Instruction to use dangerous '--yolo' flag with Codex | The skill provides examples and instructions for using the `codex` agent with the `--yolo` flag, which is explicitly described as 'NO sandbox, NO approvals (fastest, most dangerous)'. While the skill warns about its danger, it directly instructs its use in examples for building and parallel issue fixing. This grants the AI agent excessive permissions and removes critical safety mechanisms, significantly increasing the risk of unintended or malicious actions by the agent, including data loss or system compromise. Re-evaluate the necessity of `--yolo` in examples. If absolutely necessary, add more prominent warnings and emphasize its use only in highly isolated and disposable environments. Prioritize examples using safer modes like `--full-auto` or interactive approval. | LLM | SKILL.md:38 |
| MEDIUM | Unpinned npm dependency for Pi Coding Agent | The skill instructs users to install the `pi-coding-agent` via `npm install -g @mariozechner/pi-coding-agent`. This command installs the latest version of the package, which introduces a supply chain risk. If a future version of this package is compromised or introduces malicious code, users following this instruction would unknowingly install it. Instruct users to install a specific, pinned version of the package (e.g., `npm install -g @mariozechner/pi-coding-agent@1.2.3`) to ensure reproducibility and mitigate risks from future malicious updates. | LLM | SKILL.md:98 |