Trust Assessment
deepwiki received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unsafe shell command construction from user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe shell command construction from user input. The skill defines shell commands in `SKILL.md` that take user-provided arguments (`<owner/repo>`, `"your question"`, `<path>`). If the host LLM directly substitutes untrusted user input into these command templates without proper shell escaping or quoting, it can lead to command injection. An attacker could provide input like `owner/repo; rm -rf /` to execute arbitrary commands on the host system when the LLM constructs and executes the shell command. The host LLM should always sanitize or shell-escape user-provided arguments before inserting them into shell command templates. For Node.js scripts, consider passing arguments as distinct parameters to the Node.js process (e.g., using `child_process.spawn` with an array of arguments) rather than constructing a single shell string. Alternatively, the skill could expose an API endpoint instead of a shell script to avoid shell-level injection risks. | LLM | SKILL.md:13 |