Trust Assessment
echodecks-ultimate received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential Command Injection via unquoted arguments in shell execution, API Parameter Injection via manual URL construction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via unquoted arguments in shell execution The skill is designed to be invoked as a shell command, as indicated by the `#!/usr/bin/env python3` shebang, the `argparse` setup, and the `SKILL.md` example (`./skills/echodecks-v1/echodecks_client.py get-due --deck-id 123`). When the host LLM translates a tool call (e.g., `echodecks_get_decks(id='...')`) into a shell command, if user-controlled input for parameters (like `id`, `topic`, `text`) is not properly quoted or escaped by the execution environment before being passed to the shell, an attacker could inject shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`) to execute arbitrary commands on the host system. While `argparse` itself handles arguments as strings, the vulnerability lies in the shell's interpretation of the command line before `python` is invoked. The execution environment responsible for invoking this script must ensure that all arguments derived from user or LLM input are properly quoted and escaped for the shell before execution. For example, using `subprocess.run` with `shell=False` and passing arguments as a list, or using a robust shell escaping utility. The skill developer should document this requirement for the platform. | LLM | SKILL.md:40 | |
| HIGH | API Parameter Injection via manual URL construction The `make_request` function constructs API request URLs by directly concatenating parameter values into the URL string using f-strings. This bypasses proper URL encoding mechanisms provided by the `requests` library's `params` argument. An attacker providing input containing URL-encoded characters (e.g., `&`, `=`, `%26`) for tool parameters (like `id`, `deck_id`, `topic`, `text`) could inject arbitrary query parameters into the API request, potentially altering the intended API call, bypassing security checks, or causing unexpected behavior on the backend API. Modify the `make_request` function to pass query parameters using the `params` argument of the `requests` library's methods (e.g., `requests.get(url, headers=headers, params=params)`). This ensures proper URL encoding of parameter values. | LLM | echodecks_client.py:40 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/drgeld/echodecks-ultimate/echodecks_client.py:6 |
Scan History
Embed Code
[](https://skillshield.io/report/d043fa546764571c)
Powered by SkillShield