Trust Assessment
duplicati received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unvalidated ID in `curl` commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via unvalidated ID in `curl` commands The skill constructs `curl` commands that include an `{ID}` placeholder (e.g., for triggering backups or fetching logs). While the skill's instructions suggest resolving IDs from the Duplicati API, there is no explicit instruction for the AI agent to sanitize or validate the `{ID}` before it is substituted into the shell command. If the AI agent directly substitutes untrusted user input into `{ID}` without proper validation or sanitization, it could lead to command injection, allowing arbitrary shell commands to be executed on the host system. Explicitly instruct the AI agent to validate the `{ID}` against a list of known, safe IDs obtained from the Duplicati API, or to sanitize the `{ID}` to ensure it only contains expected characters (e.g., alphanumeric characters, hyphens). Alternatively, provide a helper function that safely constructs the URL path, preventing direct user input substitution into shell commands. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/c8240145c6cdaa17)
Powered by SkillShield