Trust Assessment
etl-pipeline received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 3 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, SQL Injection via extract_from_database, Arbitrary File Read via path parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | SQL Injection via extract_from_database The `extract_from_database` function directly uses the `query` parameter in `pd.read_sql_query` without sanitization. If an attacker can control the `query` argument, they can execute arbitrary SQL commands, potentially leading to data exfiltration, modification, or deletion within the database specified by `db_path`. Use parameterized queries or an ORM (Object-Relational Mapper) instead of string concatenation for SQL queries. If the `query` must be dynamic, implement strict allow-listing or robust sanitization. | LLM | SKILL.md:159 | |
| HIGH | Arbitrary File Read via path parameters Functions like `extract_excel_files`, `extract_from_pdfs`, and `extract_from_database` (via `db_path`) accept file or folder paths as arguments. If these paths are controlled by an untrusted source (e.g., user input or a malicious LLM prompt), an attacker could read arbitrary files from the system, including sensitive configuration files or user data. The `ConstructionETLPipeline` class further exposes this by using `self.config['excel_folder']`, `self.config['pdf_folder']`, and `self.config['database']` directly. Implement strict path validation and sanitization. Restrict file access to a designated, sandboxed directory. Avoid allowing arbitrary paths from untrusted input. For the pipeline, validate `config` paths rigorously. | LLM | SKILL.md:67 | |
| HIGH | Arbitrary File Write via output path parameters Functions like `generate_excel_report`, `generate_pdf_report`, and `load_to_database` accept output file paths as arguments. If these paths are controlled by an untrusted source, an attacker could write arbitrary data to any location on the filesystem, potentially overwriting critical system files, creating malicious executables, or exfiltrating data by writing it to a publicly accessible location. The `ConstructionETLPipeline` class further exposes this by using `self.config['excel_output']` and `self.config['database']` directly. Implement strict path validation and sanitization. Restrict file write access to a designated, sandboxed output directory. Avoid allowing arbitrary paths from untrusted input. For the pipeline, validate `config` paths rigorously. | LLM | SKILL.md:297 | |
| HIGH | Server-Side Request Forgery (SSRF) via extract_from_api The `extract_from_api` function makes an HTTP GET request to `api_url`. If `api_url` is controlled by an untrusted source, an attacker could use this to make the skill send requests to internal network resources (SSRF), potentially accessing sensitive internal services, or to external malicious servers to exfiltrate data. Implement strict URL validation (e.g., allow-list domains, disallow private IP ranges). Consider proxying requests or running the skill in an isolated network environment with network egress controls. | LLM | SKILL.md:135 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/etl-pipeline/SKILL.md:1 | |
| MEDIUM | Potential for Malicious Excel Macro Execution The `pd.read_excel()` function, used in `simple_etl_pipeline` and `extract_excel_files`, can execute macros embedded in Excel files. If the skill processes untrusted Excel files, an attacker could embed malicious macros to execute arbitrary code on the system where the skill is running. Configure Pandas to disable macro execution if possible, or use a library that explicitly strips macros. Only process Excel files from trusted sources. Consider converting Excel files to a safer format (e.g., CSV) before processing. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/869664443405bbe8)
Powered by SkillShield