Trust Assessment
email-processor received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Direct Shell Command Execution with User-Derived Input, Excessive Gmail API Permissions, Untrusted Third-Party Binary Dependency (Supply Chain Risk).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Shell Command Execution with User-Derived Input The `scripts/process-emails.sh` script directly executes external commands (`gog`, `jq`). Specifically, email IDs extracted from `jq` output (derived from email content) are used in `gog gmail thread modify "$id"`. If an email ID could contain shell metacharacters and the `gog` CLI tool does not sufficiently sanitize its arguments, this could lead to arbitrary command execution. This pattern is a common vector for command injection. Ensure all external command arguments derived from untrusted sources (like email content) are rigorously sanitized or passed as separate arguments to a robust API that handles escaping. If possible, use libraries or APIs that do not involve direct shell execution for sensitive operations. Verify that the `gog` CLI tool properly sanitizes its arguments. | LLM | scripts/process-emails.sh:38 | |
| HIGH | Excessive Gmail API Permissions The skill requires the `gog` CLI tool to be authenticated with broad access to the user's Gmail account (`--services gmail`). While necessary for the skill's intended functionality (reading and modifying email status), this grants extensive permissions. A compromised or malicious skill could potentially abuse this access to read all email content, send emails, or delete emails beyond the stated purpose of marking low-priority emails as read. If possible, request the most granular permissions necessary for the skill's functionality. For example, if only read and modify labels are needed, explore if the Gmail API allows for more restricted scopes than full 'gmail' service access. Clearly document the scope of access and the implications for users. | LLM | SKILL.md:36 | |
| HIGH | Untrusted Third-Party Binary Dependency (Supply Chain Risk) The skill explicitly instructs users to install `gog CLI` via Homebrew from a specific tap (`brew install steipete/tap/gogcli`). This introduces a dependency on an external, third-party binary. A compromise of the `gogcli` project, the `steipete/tap` repository, or the Homebrew infrastructure could lead to the installation and execution of malicious software on the user's system. Minimize reliance on external binaries from unverified sources. If external binaries are essential, consider vendoring them, verifying their integrity (e.g., via checksums), or using official package managers with strong security guarantees. Clearly communicate the risks associated with third-party dependencies to users. | LLM | SKILL.md:20 | |
| MEDIUM | Potential for Sensitive Data Exfiltration The `scripts/process-emails.sh` script fetches and processes sensitive email data, including sender, subject, date, and labels, storing it in the `UNREAD_JSON` variable. While the current script only displays this information to the user, the capability to access and process this data exists. A malicious modification to the script could easily exfiltrate this sensitive personal information to an external server or log file. Implement strict data handling policies. Ensure that sensitive data is only processed and stored for its intended purpose and is not exposed unnecessarily. If the skill were to be deployed in a more controlled environment, consider sandboxing or network egress controls to prevent unauthorized data transmission. | LLM | scripts/process-emails.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/b505740ae56aecc4)
Powered by SkillShield