Trust Assessment
food-order received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Command Injection via unsanitized `ordercli` arguments", and "Access to default Chrome profile poses data exfiltration and credential harvesting risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized `ordercli` arguments. The skill's instructions involve executing `ordercli` commands with arguments such as `<orderCode>`, `<id>`, `--email`, `--url`, and `--profile`. If these arguments are populated directly from untrusted user input without proper sanitization or escaping, an attacker could inject arbitrary shell commands. For example, providing an `<orderCode>` like `123; rm -rf /` could lead to severe system compromise by executing unintended commands on the host system. Implement robust input sanitization and escaping for all user-provided arguments passed to `ordercli` commands. Consider using a library that safely constructs shell commands or explicitly whitelisting allowed characters/formats for inputs to prevent command injection. | LLM | SKILL.md:29 |
| CRITICAL | Access to default Chrome profile poses data exfiltration and credential harvesting risk. The command `ordercli foodora session chrome --url https://www.foodora.at/ --profile "Default"` instructs the LLM to access the user's default Chrome browser profile. This profile contains highly sensitive data, including cookies, session tokens, browsing history, and potentially saved passwords. If the LLM or the `ordercli` tool can interact with this browser session or extract data from it, it could lead to severe data exfiltration or credential harvesting. Avoid accessing the default browser profile. If a browser session is strictly necessary, use a dedicated, isolated, and temporary profile with minimal permissions. Ensure no sensitive data can be extracted from the browser session by the LLM or the tool. Re-evaluate if this functionality is essential for the skill's purpose. | LLM | SKILL.md:20 |
| HIGH | Skill relies on arbitrary shell command execution. The skill's core functionality involves executing `ordercli` commands directly in the shell. This grants the LLM the ability to execute arbitrary commands on the host system if an attacker can manipulate the command arguments (as identified in the command injection finding) or if the LLM itself misinterprets user intent. This broad permission significantly increases the attack surface and potential for system compromise. Restrict the LLM's ability to execute arbitrary shell commands. If shell execution is unavoidable, implement a strict allowlist of commands and arguments, and ensure all inputs are rigorously validated and sanitized. Consider sandboxing the execution environment to limit potential damage from malicious commands. | LLM | SKILL.md:15 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/steipete/food-order/SKILL.md:1 |