Trust Assessment
contract-template received a trust score of 56/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 1 medium, and 3 low severity. Key findings include Covert behavior / concealment directives, Excessive Permissions: Code Execution and File Operations, Potential Command Injection via CLI Examples.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Excessive Permissions: Code Execution and File Operations.** The skill's manifest explicitly declares the use of 'code_execution' and 'file_operations' tools. These tools grant the AI agent broad capabilities to execute arbitrary code and manipulate the filesystem, posing a critical security risk. The untrusted content further demonstrates the intended use of these powerful capabilities through examples of shell commands like 'npm install' and 'cicero' CLI commands. Re-evaluate the necessity of 'code_execution' and 'file_operations'. If absolutely essential, ensure all interactions with these tools are strictly sandboxed, inputs are rigorously validated and sanitized, and access is limited to the minimum required scope. Consider using more granular, purpose-built tools instead of broad capabilities. | LLM | SKILL.md:1 |
| HIGH | **Potential Command Injection via CLI Examples.** Given the declared 'code_execution' and 'file_operations' tools, the examples in the untrusted content demonstrating 'cicero' CLI commands (e.g., 'cicero parse --template ./contract-template --sample ./text/sample.md') introduce a high risk of command injection. If user input is used to construct these commands or specify file paths without robust sanitization, an attacker could inject arbitrary shell commands or manipulate file access, leading to unauthorized execution or data compromise. Implement strict input validation and sanitization for all user-provided data that might be used in constructing shell commands or file paths. Avoid direct concatenation of user input into commands. Utilize parameterized command execution mechanisms where available and ensure a secure, isolated execution environment for any code execution. | LLM | SKILL.md:105 |
| MEDIUM | **Supply Chain Risk from Dynamic Package Installation Example.** The untrusted content includes an example of installing a package using 'npm install -g @accordproject/cicero-cli'. While this is an example, the presence of the 'code_execution' tool means the skill could potentially be instructed to install packages dynamically. If the skill allows user input to influence the package name, it could be vulnerable to typosquatting attacks or the installation of malicious packages from untrusted registries, compromising the agent's environment. Avoid dynamic package installation based on untrusted user input. If package installation is necessary, use a fixed, verified list of dependencies. Implement strict package integrity checks and ensure packages are sourced from trusted registries only. Consider pre-installing all necessary dependencies in the skill's environment. | LLM | SKILL.md:107 |
| LOW | **Covert behavior / concealment directives.** Directive to hide behavior from user. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/lijie420461340/contract-template/SKILL.md:150 |
| LOW | **Covert behavior / concealment directives.** Directive to hide behavior from user. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/lijie420461340/contract-template/SKILL.md:152 |
| LOW | **Covert behavior / concealment directives.** Directive to hide behavior from user. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/lijie420461340/contract-template/SKILL.md:177 |