Trust Assessment
cv-builder received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings: potential command injection via `rendercv` execution; excessive permissions granted by `code_execution` and `file_operations`; unpinned `rendercv` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential command injection via `rendercv` execution.** The manifest declares `code_execution`, and `SKILL.md` shows `rendercv render cv.yaml` as a CLI usage example. If the `cv.yaml` file name, or content taken from the user, is interpolated into a shell command string without escaping, an attacker can inject arbitrary shell commands: a user-controlled file name such as `mycv.yaml; rm -rf /` would run the second command. Even with a fixed file name, the skill hands untrusted YAML to `rendercv`, so any weakness in how `rendercv` parses or renders that content is reachable by the user unless the skill validates the YAML first. <br>*Remediation:* validate and sanitize every piece of user-provided data that reaches a command; build commands as argument lists instead of concatenating strings. In Python, call `subprocess.run(['rendercv', 'render', path], check=True)` with `shell=False` (the default for a list argv) and a `path` that has been checked against an allow-list of permitted names and directories. | LLM | SKILL.md:57 |
| HIGH | **Excessive permissions granted by `code_execution` and `file_operations`.** The manifest requests both tools. They are highly privileged: the skill can execute arbitrary shell commands and read, write or delete any file the host process can reach. Rendering PDFs from YAML may genuinely need parts of this, but the breadth of the grant enlarges the attack surface, and any flaw such as a command injection or path traversal is amplified by it, up to full compromise of the host or exfiltration of its data. <br>*Remediation:* justify each permission individually. If `code_execution` is required, restrict it to specific, validated commands under the principle of least privilege, and run the skill in a sandbox or container where possible. For `file_operations`, confine access to the directories and file types the skill actually needs. | LLM | Manifest |
| MEDIUM | **Unpinned `rendercv` dependency.** The documentation instructs `pip install rendercv` with no version, and the manifest lists `rendercv` without a version pin. A future malicious release of `rendercv`, or a release carrying a serious flaw, would therefore be installed automatically, compromising the skill and the host environment (a supply-chain risk). <br>*Remediation:* pin every external dependency to a specific, known-good version (e.g. `rendercv==X.Y.Z`) in a `requirements.txt` or equivalent with exact versions, and audit and update those pins on a schedule. | LLM | SKILL.md:51 |
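The critical and high findings both come down to how the skill turns a user-supplied file name into a `rendercv` invocation and how far that invocation can reach on disk. The block below is an added example written for this report, not the cv-builder skill's own code: it shows the shell-string pattern the finding warns about next to a hardened version that confines the file to one working directory (`WORKDIR` is an assumed location) and passes it to `rendercv render` as a single argv element with no shell involved.

```python
"""Added example (not cv-builder's code): invoking `rendercv render` safely.

Assumptions: user CVs live under WORKDIR (hypothetical path) and the skill calls
the `rendercv render <file>` CLI that SKILL.md shows.
"""
import subprocess
from pathlib import Path

WORKDIR = Path("/tmp/cv-builder-work")  # assumed sandbox directory for user CVs


def build_command_unsafe(filename: str) -> str:
    """The pattern the CRITICAL finding describes: user text spliced into a shell
    string. Returned, not executed, so the injection stays visible."""
    return f"rendercv render {filename}"


def validate_cv_path(filename: str, workdir: Path = WORKDIR) -> Path:
    """Accept only a bare .yaml/.yml file name that resolves inside workdir.

    Rejects path separators, hidden files, shell metacharacters and anything
    that resolves (e.g. via a symlink) outside the working directory.
    """
    if not filename or filename != Path(filename).name:
        raise ValueError("empty name or path separators are not allowed")
    if Path(filename).suffix.lower() not in {".yaml", ".yml"}:
        raise ValueError("only .yaml/.yml files may be rendered")
    if filename.startswith(".") or not all(c.isalnum() or c in "-_." for c in filename):
        raise ValueError("unexpected characters in file name")
    target = (workdir / filename).resolve()
    if target.parent != workdir.resolve():
        raise ValueError("resolved path escapes the working directory")
    return target


def is_acceptable_name(filename: str) -> bool:
    """Boolean wrapper around validate_cv_path for callers that only need yes/no."""
    try:
        validate_cv_path(filename)
    except ValueError:
        return False
    return True


def build_command_safe(filename: str) -> list[str]:
    """argv list: whatever the file name contains, it is exactly one argument."""
    return ["rendercv", "render", str(validate_cv_path(filename))]


def render(filename: str, runner=subprocess.run) -> int:
    """Run rendercv with shell=False (the default for a list argv) and a timeout.

    `runner` is injectable so the call can be exercised without rendercv installed.
    Returns the process exit code.
    """
    argv = build_command_safe(filename)
    proc = runner(argv, shell=False, check=False, capture_output=True, text=True, timeout=120)
    return proc.returncode


if __name__ == "__main__":
    print(build_command_unsafe("mycv.yaml; rm -rf /"))   # one string, two commands
    print(build_command_safe("mycv.yaml"))                # three argv entries, no shell
    print(is_acceptable_name("../../etc/passwd"))        # False
```

Confining the resolved path to `WORKDIR` is also the concrete form of the least-privilege advice in the HIGH finding: even with `file_operations` granted broadly, the skill itself only ever touches names that pass `validate_cv_path`.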
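The MEDIUM finding is easy to check mechanically before a skill's dependencies are installed. The following added example, again written for this report rather than taken from SkillShield or cv-builder, classifies each line of a pip requirements file as pinned (`==` with a full version), pinned with `--hash` options, ranged (`>=`, `~=`, `==1.2.*` and similar) or unpinned (a bare name such as the `rendercv` in SKILL.md). It uses a small regex over pip's requirement syntax instead of the `packaging` library so it runs with the standard library alone; the sample requirements text is constructed for the example.

```python
"""Added example (not SkillShield's or cv-builder's code): flag unpinned pip requirements."""
from __future__ import annotations

import re

# package name, optional [extras], then everything else (specifier, markers)
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def classify(line: str) -> tuple[str, str] | None:
    """Return (name, status) for one requirement line, or None for blank/option lines.

    status is one of: "pinned", "pinned+hash", "ranged", "unpinned", "unparsed".
    Single-line `--hash=` options are recognised; backslash continuations are not.
    """
    text = line.split("#", 1)[0].strip()          # drop comments
    if not text or text.startswith("-"):          # -r, -e, --index-url, ...
        return None
    hashed = "--hash=" in text
    text = re.sub(r"\s+--hash=\S+", "", text)     # strip hash options before parsing
    m = _REQ.match(text)
    if not m:
        return text, "unparsed"
    name, spec = m.group(1), m.group(3).split(";", 1)[0].strip()  # drop env markers
    if not spec:
        return name, "unpinned"
    clauses = [c.strip() for c in spec.split(",")]
    exact = any(c.startswith("==") and not c.endswith(".*") for c in clauses)
    if exact:
        return name, "pinned+hash" if hashed else "pinned"
    return name, "ranged"


def audit(requirements: str) -> dict[str, str]:
    """Map lower-cased package name -> status for every requirement in the text."""
    results: dict[str, str] = {}
    for line in requirements.splitlines():
        parsed = classify(line)
        if parsed is not None:
            results[parsed[0].lower()] = parsed[1]
    return results


def unpinned(requirements: str) -> list[str]:
    """Names that would float to a newer release on the next install."""
    return sorted(n for n, s in audit(requirements).items() if s in {"unpinned", "ranged"})


# Constructed sample: the first line mirrors SKILL.md's `pip install rendercv`.
SAMPLE = """\
# constructed requirements file for this example
rendercv
pyyaml>=6.0
jinja2==3.1.4
requests==2.32.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10s} {status}")
    print("floating:", unpinned(SAMPLE))
```

In a CI gate for skill manifests, a non-empty `unpinned()` result is the condition to fail on; `ranged` entries are reported too because a `>=` lower bound still lets a malicious or broken future release install.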
Full report: https://skillshield.io/report/2ae64e92c06397be
Powered by SkillShield