Trust Assessment
data-validation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 3 medium, and 1 low severity. Key findings include Potential Command Injection via `jq` filename, Potential Command Injection via `python3 -c` filename, Potential Command Injection in `npx ajv-cli` loop example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential Command Injection via `jq` filename: The skill provides examples of using `jq` with filenames (e.g., `jq empty data.json`). If an LLM uses these examples to construct commands with user-provided filenames without proper sanitization or quoting, it could lead to command injection. An attacker could provide a filename like `malicious.json; rm -rf /` which, if unquoted, would execute `rm -rf /`. This is a credible risk as `jq` is listed in the skill's `anyBins` metadata. When generating commands that include user-provided input (like filenames), ensure proper shell escaping or use APIs that handle arguments safely (e.g., `subprocess.run` with `shell=False` and arguments as a list). For `jq`, ensure the filename argument is properly quoted or escaped. | LLM | SKILL.md:200 |
| MEDIUM | Potential Command Injection via `python3 -c` filename: The skill provides an example of executing Python code directly via `python3 -c "..."` which loads `schema.json` and `data.json`. If an LLM were to generate this command with user-provided filenames, and those filenames contained shell metacharacters, it could lead to command injection. This is a credible risk as `python3` is listed in the skill's `anyBins` metadata. When generating commands that include user-provided input (like filenames), ensure proper shell escaping or use APIs that handle arguments safely. For Python, prefer executing scripts directly or using `subprocess.run` with `shell=False` and arguments as a list. | LLM | SKILL.md:63 |
| MEDIUM | Potential Command Injection in `npx ajv-cli` loop example: The skill provides an example of iterating through files (`for f in data/*.json; do npx ajv-cli validate -s schema.json -d "$f" ...`). If the `data/*.json` pattern could be influenced by an attacker (e.g., by creating files with malicious names in the `data/` directory), or if the LLM were to construct a similar loop with untrusted input, the `$f` within the `npx` command could lead to command injection if left unquoted. `$f` is quoted in the example, but if the LLM were to generate a similar command without quoting, or if the glob itself could be manipulated, it remains a risk. `node` (which `npx` uses) is listed in the skill's `anyBins` metadata. Ensure all user-controlled inputs passed to shell commands are rigorously sanitized and properly quoted. Prefer using safer APIs (e.g., `subprocess.run` in Python with `shell=False`) over direct shell command construction. | LLM | SKILL.md:68 |
| LOW | Unpinned `npx` package execution: The example uses `npx ajv-cli` without specifying a version. `npx` will fetch and execute the latest version of `ajv-cli` if it is not locally installed. This introduces a supply chain risk, as a compromised or malicious update to `ajv-cli` could be executed. While `ajv-cli` is a common package, best practice is to pin versions. When using `npx` in production or automated environments, always specify a version (e.g., `npx ajv-cli@1.2.3 validate ...`) or ensure the package is pre-installed and vetted. | LLM | SKILL.md:60 |