Trust Assessment
data-analyst received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 3 medium, and 1 low severity. Key findings include sensitive environment variable access (`$HOME`), command injection via an unsanitized SQL query, and command injection via an unsanitized database connection string.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 39/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized SQL query.** The `scripts/query.sh` script directly inserts the `$query` variable into `sqlite3`, `psql`, and `mysql` commands without proper sanitization. An attacker providing a malicious SQL query containing shell metacharacters (e.g., `'; rm -rf /;'`) could execute arbitrary shell commands on the host system. Implement robust sanitization or escaping of the `$query` variable before passing it to database client commands. For SQL, consider using prepared statements or a dedicated SQL parsing library if available in a shell context, or ensure the shell command itself properly quotes and escapes the SQL string. A safer approach would be to use a dedicated database client library in a language like Python that supports parameterized queries. | LLM | scripts/query.sh:44 |
| HIGH | **Command Injection via unsanitized database connection string.** The `scripts/query.sh` script directly inserts the `$DB_CONNECTION` variable into `sqlite3`, `psql`, and `mysql` commands. If an attacker can control the `DB_CONNECTION` environment variable or the `--db` argument, they could inject shell metacharacters into the connection string, leading to arbitrary command execution. For example, `DB_CONNECTION='mydb.sqlite; rm -rf /'` could be used. Ensure the `$DB_CONNECTION` variable is properly sanitized or validated to prevent shell metacharacters. For `psql` and `mysql`, connection strings often have specific formats; validate against these. For `sqlite3`, the connection string is typically a file path, which should be validated as such. | LLM | scripts/query.sh:44 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/oyi77/data-analyst/scripts/data-init.sh:5 |
| MEDIUM | **Data Exfiltration via arbitrary output file path.** The `scripts/query.sh` script allows users to specify an arbitrary output file path using the `--output` flag. If an attacker can control this path, they could direct sensitive query results (obtained through other means, e.g., by crafting a query to select sensitive data) to a location accessible to them, or overwrite critical system files. Restrict output paths to a designated, sandboxed directory. Validate the output path to ensure it does not contain directory traversal sequences (e.g., `../`) and is within an allowed output directory. | LLM | scripts/query.sh:45 |
| MEDIUM | **Arbitrary file read/write via Python analysis script.** The `scripts/analyze_template.py` script, which is made executable by `data-init.sh`, uses `pandas.read_csv`, `pandas.read_excel`, and `df.to_csv` with user-provided `--input` and `--output` file paths. If an attacker can control these file paths, they could instruct the agent to read arbitrary files from the filesystem (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) or write sensitive data to arbitrary locations, potentially overwriting critical files or exfiltrating data. Implement strict validation and sanitization of input and output file paths. Restrict file operations to a designated, sandboxed data directory. Prevent directory traversal (e.g., `../`) in file paths. Consider using a virtualized file system or a more controlled file access mechanism. | LLM | scripts/analyze_template.py:20 |
| LOW | **Potential exposure of database credentials via connection string.** The `scripts/query.sh` script explicitly states that `DB_CONNECTION` can be set via an environment variable or `--db` flag, and it's passed directly to database client commands. While the script itself doesn't harvest credentials, it facilitates their direct exposure on the command line (which can be visible in process lists or history) if they are part of the connection string. An attacker with local access or the ability to inspect process arguments could potentially harvest these credentials. Advise users against including sensitive credentials directly in `DB_CONNECTION` environment variables or command-line arguments. Instead, recommend using database client configuration files (e.g., `~/.pgpass` for PostgreSQL, `~/.my.cnf` for MySQL) or environment variables that are specifically handled by the database clients (e.g., `PGPASSWORD`) which are less prone to command-line exposure. If direct connection strings are necessary, ensure they are handled securely (e.g., not logged, restricted permissions). | LLM | scripts/query.sh:15 |