Trust Assessment
enzoldhazam received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include potential for command injection via unsanitized user input, supply chain risk from an unverified third-party repository, and credentials exposed via environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Potential for Command Injection via unsanitized user input | The skill instructs the LLM to construct shell commands (`enzoldhazam set <room> <temp>`, `enzoldhazam get <room>`) using user-provided values for `<room>` and `<temp>`. There are no explicit instructions for sanitizing or escaping these inputs, which could allow a malicious user to inject arbitrary shell commands. For example, if a user provides `Living Room"; rm -rf /; echo "` as the room name, the resulting command could execute `rm -rf /`. | Instruct the LLM to strictly sanitize or escape all user-provided arguments (`<room>`, `<temp>`) before incorporating them into shell commands. This can be done by enclosing arguments in single quotes and escaping any internal single quotes, or by using a dedicated command execution library that handles argument escaping automatically. | LLM | SKILL.md:39 |
| HIGH | Supply Chain Risk from unverified third-party repository | The skill's setup instructions require cloning and building an executable from an external GitHub repository (`https://github.com/daniel-laszlo/enzoldhazam.git`). This introduces a supply chain risk, as the integrity and security of this third-party repository are not guaranteed. A compromise of this repository could lead to the installation and execution of malicious code on the host system. | Recommend using officially vetted and managed packages or providing a mechanism to verify the integrity of the downloaded source code (e.g., checksums, signed commits). Ideally, skills should be self-contained or rely on trusted package managers. | LLM | SKILL.md:13 |
| MEDIUM | Credentials exposed via environment variables | The skill provides an option to configure sensitive credentials (`ENZOLDHAZAM_USER`, `ENZOLDHAZAM_PASS`) via environment variables. While a common practice, this makes these credentials accessible to the LLM's execution environment. If the LLM is compromised via prompt injection or other means, it could be instructed to reveal these environment variables, leading to credential exposure. | Prefer more secure credential management methods, such as dedicated secret management services or secure local storage (like macOS Keychain, which is also mentioned as an option). If environment variables must be used, ensure the LLM's execution environment is strictly sandboxed and that it cannot access or reveal its own environment variables. | LLM | SKILL.md:24 |