Trust Assessment
export-skills received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The two findings are an excessive 'Bash' permission declaration (high) and a potential command injection via Bash execution (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Excessive 'Bash' permission declared.** The skill declares the 'Bash' permission, which grants arbitrary shell execution. This permission is highly dangerous: it can be exploited for command injection, data exfiltration, or system compromise if any part of a shell command is constructed from untrusted input. The skill's purpose is file discovery, which could be achieved with the safer 'Glob' and 'Read' permissions without granting shell access. Review whether 'Bash' is strictly necessary; if file discovery is the only requirement, use 'Glob' and 'Read' instead. If 'Bash' is unavoidable, construct shell commands only from trusted, sanitized inputs and implement robust input validation and escaping. | LLM | SKILL.md:1 |
| MEDIUM | **Potential command injection via Bash execution.** The skill's execution steps include a `bash` command (`find plugins -name "SKILL.md" -type f`) for discovering files. Given the declared 'Bash' permission, there is a risk of command injection if any part of this command (the directory path or the filename pattern) were ever built from untrusted user input. The command as shown is static, but the capability to execute arbitrary shell commands is present and creates an attack surface. If 'Bash' is retained, rigorously validate and properly escape every argument passed to shell commands. Prefer the built-in file system operations ('Glob' and 'Read') over direct shell commands where possible. | LLM | SKILL.md:68 |
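To make the two findings concrete, the following is an added example (not code from the export-skills skill or from SkillShield) that performs the skill's `find plugins -name "SKILL.md" -type f` step three ways: interpolated into a shell string, as a validated argv call with no shell, and as a pure glob walk, which is the 'Glob'/'Read' alternative the findings recommend. The sample directory tree, the `subdir` argument, the `_SAFE_PATH` allow-list and the `plugins; touch injected #` payload are all constructed for the demonstration; `find` is assumed to be on PATH.

```python
"""Added example: the skill's SKILL.md discovery step done three ways,
showing why an interpolated shell string is the risky variant."""
import re
import subprocess
import tempfile
from pathlib import Path

# Assumed allow-list for a directory argument: relative, no shell
# metacharacters, no option-looking leading dash, no '..' components.
_SAFE_PATH = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_./-]*$")


def is_safe_relative_path(subdir: str) -> bool:
    return bool(_SAFE_PATH.match(subdir)) and ".." not in subdir.split("/")


def make_sample_tree() -> Path:
    """Constructed sample layout: two plugins that each carry a SKILL.md."""
    root = Path(tempfile.mkdtemp(prefix="skills-"))
    for name in ("alpha", "beta"):
        d = root / "plugins" / name
        d.mkdir(parents=True)
        (d / "SKILL.md").write_text(f"# {name}\n")
    (root / "plugins" / "beta" / "README.md").write_text("not a skill\n")
    return root


def find_skills_shell(root: Path, subdir: str) -> list[str]:
    """VULNERABLE: subdir is interpolated into a shell command line.
    If it ever comes from untrusted input, bash executes whatever it contains."""
    cmd = f'find {subdir} -name "SKILL.md" -type f'
    out = subprocess.run(cmd, shell=True, cwd=root, capture_output=True, text=True)
    return sorted(out.stdout.splitlines())


def find_skills_argv(root: Path, subdir: str) -> list[str]:
    """HARDENED: validate the argument, then pass argv with no shell.
    '--' keeps a value such as '-delete' from being parsed as a find option."""
    if not is_safe_relative_path(subdir):
        raise ValueError(f"rejected directory argument: {subdir!r}")
    out = subprocess.run(
        ["find", "--", subdir, "-name", "SKILL.md", "-type", "f"],
        cwd=root, capture_output=True, text=True, check=True,
    )
    return sorted(out.stdout.splitlines())


def find_skills_glob(root: Path, subdir: str) -> list[str]:
    """Glob/Read equivalent: no process is spawned, so there is no command
    line to inject into. The walk is still confined to the skill root."""
    if not is_safe_relative_path(subdir):
        raise ValueError(f"rejected directory argument: {subdir!r}")
    root = root.resolve()
    base = (root / subdir).resolve()
    if base != root and root not in base.parents:
        raise ValueError(f"{subdir!r} escapes the skill root")
    return sorted(str(p.relative_to(root)) for p in base.rglob("SKILL.md") if p.is_file())


def rejects(fn, root: Path, subdir: str) -> bool:
    """True if fn refuses the argument instead of running anything with it."""
    try:
        fn(root, subdir)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    root = make_sample_tree()
    payload = "plugins; touch injected #"  # constructed attacker-controlled value
    print(find_skills_shell(root, payload))  # lists every file, then runs touch
    print("injected file created:", (root / "injected").exists())
    print("argv variant rejects payload:", rejects(find_skills_argv, root, payload))
    print("glob variant rejects payload:", rejects(find_skills_glob, root, payload))
    print(find_skills_glob(root, "plugins"))
```

The shell variant with the payload runs `find plugins` and then `touch injected`, so an unrelated file appears in the working directory; the `#` swallows the rest of the original command. Both hardened variants reject the same value before any process runs. If a shell really is unavoidable, the remaining option is to quote each argument with `shlex.quote` and still apply the allow-list, since quoting alone does not stop `-delete` or `../` from reaching `find`.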
Embed Code
[SkillShield report for export-skills](https://skillshield.io/report/248d87f123f818e8)
Powered by SkillShield