Trust Assessment
dhmz-weather received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Untrusted content attempts to manipulate LLM behavior" and "Potential command injection via unsanitized user input in shell commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted content attempts to manipulate LLM behavior.** The skill's `SKILL.md` contains an instruction within the untrusted input block that attempts to dictate the host LLM's conversational behavior. The phrase "Do not ask the user what they want - just fetch the weather data immediately and present it in a readable format." is a direct attempt to override the LLM's default interaction patterns and constitutes a prompt injection. Recommendation: remove or rephrase instructions within untrusted content that attempt to control the host LLM's behavior. Such instructions should be part of the trusted skill definition, not user-facing documentation. | LLM | SKILL.md:16 |
| HIGH | **Potential command injection via unsanitized user input in shell commands.** The skill's default behavior involves fetching weather data for a user-provided city. The `SKILL.md` provides an example of using `curl` piped to `xmllint` where a city name (`Zagreb`) is embedded directly into an XPath query argument (`--xpath "//Grad[GradIme='Zagreb']"`). If the skill implements this by directly concatenating user-provided city names into shell commands without proper sanitization (e.g., escaping quotes, backticks, semicolons, or other shell metacharacters), a malicious user could inject arbitrary commands, leading to remote code execution. The manifest explicitly requires `curl`, indicating shell execution is intended. Recommendation: ensure all user-provided input used in shell commands (e.g., city names for `xmllint` XPath queries or `curl` parameters) is rigorously sanitized and escaped to prevent shell metacharacters from being interpreted as commands. Consider using a dedicated XML parsing library in a safer execution environment rather than piping to `xmllint` from a shell. | LLM | SKILL.md:160 |