Trust Assessment
engram received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via User Input, Unpinned npm Package Dependency, Reliance on External Binary Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User Input: The skill demonstrates the execution of external `engram` commands where user-provided strings (e.g., '<current task or context>', 'Raw conversation text') are directly embedded into shell commands. If the AI agent constructs these commands without proper sanitization or escaping of user input, a malicious user could inject arbitrary shell commands, leading to remote code execution or data manipulation. Ensure all user-provided input passed to `engram` commands is rigorously sanitized and escaped to prevent shell injection. When executing external commands, prefer passing arguments as a list to a subprocess execution function (e.g., `subprocess.run(['engram', 'search', user_input])`) rather than constructing a single shell string. | LLM | SKILL.md:8 |
| MEDIUM | Unpinned npm Package Dependency: The skill's manifest specifies the `engram-memory` npm package without a pinned version. This means that `npm install engram-memory` will always fetch the latest available version. This practice introduces a supply chain risk, as future updates to the package could introduce breaking changes, vulnerabilities, or even malicious code without explicit review, potentially compromising the skill's security and stability. Pin the version of the `engram-memory` npm package in the manifest to a specific, known-good version (e.g., `engram-memory@1.2.3`). Regularly review and manually update dependencies to ensure security and compatibility. | LLM | SKILL.md |
| MEDIUM | Reliance on External Binary Dependency: The skill relies on an external `engram` binary, as indicated by the `bins` requirement in the manifest. The security posture, maintenance, and integrity of this external binary are critical to the overall security of the skill. Any vulnerabilities or malicious code within the `engram` binary itself could directly impact the agent using this skill. Thoroughly vet the `engram` binary's source, maintainers, and security practices. Consider sandboxing the execution environment for external binaries to limit their potential impact. Implement integrity checks (e.g., checksums) for the binary if possible. | LLM | SKILL.md |