Trust Assessment
fathom received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 5 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via Recording ID in get-summary.sh, Command Injection via Recording ID in get-transcript.sh, Command Injection via URL parameters in list-calls.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Recording ID in get-summary.sh.** The `RECORDING_ID` variable is directly interpolated into the URL string during variable assignment. If `RECORDING_ID` contains shell metacharacters (e.g., `$(command)` or `;`), these commands will be executed before the `curl` command is invoked. This allows an attacker to inject and execute arbitrary shell commands. Validate `RECORDING_ID` to ensure it contains only expected characters (e.g., numeric). For example, add `if ! [[ "$RECORDING_ID" =~ ^[0-9]+$ ]]; then echo "Error: Invalid recording ID format."; exit 1; fi` before constructing the URL. Alternatively, use a safer method for URL construction that properly escapes user input, or pass parameters to `curl` using options like `-G` and `--data-urlencode` where applicable. | LLM | scripts/get-summary.sh:50 |
| CRITICAL | **Command Injection via Recording ID in get-transcript.sh.** The `RECORDING_ID` variable is directly interpolated into the URL string during variable assignment. If `RECORDING_ID` contains shell metacharacters (e.g., `$(command)` or `;`), these commands will be executed before the `curl` command is invoked. This allows an attacker to inject and execute arbitrary shell commands. Validate `RECORDING_ID` to ensure it contains only expected characters (e.g., numeric). For example, add `if ! [[ "$RECORDING_ID" =~ ^[0-9]+$ ]]; then echo "Error: Invalid recording ID format."; exit 1; fi` before constructing the URL. Alternatively, use a safer method for URL construction that properly escapes user input, or pass parameters to `curl` using options like `-G` and `--data-urlencode` where applicable. | LLM | scripts/get-transcript.sh:50 |
| CRITICAL | **Command Injection via URL parameters in list-calls.sh.** User-controlled variables such as `LIMIT`, `AFTER`, `BEFORE`, and `CURSOR` are directly interpolated into the `URL` string during variable assignment. If any of these variables contain shell metacharacters (e.g., `$(command)` or `;`), these commands will be executed before the `curl` command is invoked. This allows an attacker to inject and execute arbitrary shell commands. Validate all user-controlled input variables (`LIMIT`, `AFTER`, `BEFORE`, `CURSOR`) to ensure they contain only expected characters and formats (e.g., numeric for limit, `YYYY-MM-DD` for dates). For example, for `LIMIT`, add `if ! [[ "$LIMIT" =~ ^[0-9]+$ ]]; then echo "Error: Invalid limit format."; exit 1; fi`. For `CURSOR`, if it can contain arbitrary characters, it must be URL-encoded before interpolation. A safer approach is to use `curl`'s `-G` option with `--data-urlencode` for query parameters. | LLM | scripts/list-calls.sh:60 |
| CRITICAL | **Command Injection via URL parameters in search-calls.sh.** User-controlled variables such as `LIMIT`, `AFTER`, and `BEFORE` are directly interpolated into the `URL` string during variable assignment. If any of these variables contain shell metacharacters (e.g., `$(command)` or `;`), these commands will be executed before the `curl` command is invoked. This allows an attacker to inject and execute arbitrary shell commands. Note that `QUERY` and `SPEAKER` are handled more safely via `jq --arg` and are not subject to this specific shell injection vulnerability. Validate all user-controlled input variables (`LIMIT`, `AFTER`, `BEFORE`) to ensure they contain only expected characters and formats (e.g., numeric for limit, `YYYY-MM-DD` for dates). For example, for `LIMIT`, add `if ! [[ "$LIMIT" =~ ^[0-9]+$ ]]; then echo "Error: Invalid limit format."; exit 1; fi`. A safer approach is to use `curl`'s `-G` option with `--data-urlencode` for query parameters. | LLM | scripts/search-calls.sh:59 |
| CRITICAL | **Command Injection via Webhook URL in setup-webhook.sh.** The `WEBHOOK_URL` variable is directly interpolated into the JSON payload string for the `curl -d` argument. If `WEBHOOK_URL` contains shell metacharacters (e.g., `$(command)` or `;`), these commands will be executed during the construction of the JSON string before `curl` is invoked. This allows an attacker to inject and execute arbitrary shell commands. Validate `WEBHOOK_URL` to ensure it is a valid HTTPS URL and does not contain shell metacharacters. A more robust solution is to construct the JSON payload using `jq`'s `--arg` feature, which handles proper JSON escaping: `jq -n --arg url "$WEBHOOK_URL" '{"destination_url": $url, ...}'` and then pass the output of `jq` to `curl -d @-`. | LLM | scripts/setup-webhook.sh:70 |
| HIGH | **Data Exfiltration Risk via Arbitrary Webhook URL.** The `setup-webhook.sh` script allows registering a webhook to an arbitrary HTTPS URL provided by the user. While the script validates for an `https://` prefix, a malicious actor could provide a URL to a server they control. This would cause Fathom AI to send potentially sensitive data (transcripts, summaries, action items) to the attacker's endpoint, leading to data exfiltration. This is a powerful capability that, if misused by a compromised LLM, poses a significant risk. Implement strict validation or whitelisting for `WEBHOOK_URL` if possible, restricting it to trusted domains. If arbitrary URLs are necessary, ensure the LLM is robustly protected against prompt injection that could trick it into providing malicious URLs. Additionally, consider adding warnings to the user about the security implications of providing untrusted webhook URLs. | LLM | scripts/setup-webhook.sh:70 |