Trust Assessment
exchange2010 received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Data Exfiltration via Email Sending", and "Excessive Permissions: Shared Mailbox Access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Data Exfiltration via Email Sending.** The `send_email` function allows sending emails to arbitrary recipients with user-controlled subject and body. If the `to`, `subject`, or `body` arguments are controlled by untrusted input, an attacker could use this function to exfiltrate sensitive data (e.g., emails, calendar events, contact details retrieved by other skill functions) from the Exchange account to an external address. Implement strict validation and allow-listing for recipient email addresses if the skill is exposed to untrusted input. Ensure that the calling agent carefully sanitizes or restricts the `to`, `subject`, and `body` arguments when invoking this function. | LLM | __init__.py:80 |
| HIGH | **Excessive Permissions: Shared Mailbox Access.** The `get_shared_calendar` function takes an `email_address` argument to access another user's mailbox with `DELEGATE` permissions. If this `email_address` is controlled by untrusted input, an attacker could potentially instruct the skill to access and manipulate data (emails, calendar, contacts, tasks) in any mailbox that the configured `PICARD_USERNAME` has delegate access to, leading to unauthorized data access or modification. Implement strict validation and allow-listing for the `email_address` argument when accessing shared mailboxes. Ensure that the calling agent carefully sanitizes or restricts this argument to only authorized shared mailboxes. | LLM | __init__.py:105 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/pes0/exchange2010/SKILL.md:1 |
| INFO | **Credential Loading from Local File.** The skill loads sensitive credentials (e.g., `EXCHANGE_PASSWORD`) from a file named `.env.credentials` located two directories up from the skill's `__init__.py` file. While this is a common practice for local development, it means the skill relies on these credentials being present in a specific, potentially sensitive, location. If the environment where the skill runs is compromised, these credentials could be exposed. The skill itself does not appear to expose these credentials, but their presence and loading mechanism are noted. Store credentials securely using a secrets management system (e.g., environment variables managed by the orchestrator, a dedicated secrets vault) rather than a local file. Ensure the `.env.credentials` file is properly secured with restrictive file permissions and is not committed to version control. | LLM | __init__.py:10 |