Trust Assessment
find-code-tasks received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Frontmatter Reading via 'tasks_dir' parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Frontmatter Reading via 'tasks_dir' parameter The skill's 'tasks_dir' parameter allows the user to specify an arbitrary directory path. This path is then used by the 'task-status.sh' script in 'find' or 'fd' commands to locate '.code-task.md' files. The script subsequently extracts and returns the frontmatter (status, created, started, completed fields) of these files. By setting 'tasks_dir' to sensitive locations like '/', '/etc', or '/home/user', an attacker can exfiltrate information from the frontmatter of any '.code-task.md' files found in those directories, leading to data leakage and excessive filesystem access. Restrict the 'tasks_dir' parameter to a predefined, safe subdirectory within the skill's or repository's scope (e.g., '.' or './.ralph/tasks/'). Do not allow arbitrary paths. Alternatively, implement robust path sanitization to ensure 'TASKS_DIR' cannot escape the intended base directory. For example, resolve the path and ensure it's a child of a safe base directory before use. | LLM | task-status.sh:16 |
Scan History
Embed Code
[](https://skillshield.io/report/ff8a47b928d72b5c)
Powered by SkillShield