Trust Assessment
form-builder received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are excessive tool permissions requested and potential for command injection through generated `docassemble` YAML.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential for command injection through generated `docassemble` YAML: The skill is designed to generate `docassemble` YAML based on user input. `docassemble` interviews can embed Python code blocks, which would be executed if the YAML is processed. The skill's manifest explicitly requests the `code_execution` tool, indicating that the generated YAML (or parts of it) might be executed on the host system. This creates a critical vulnerability where a malicious user could craft a prompt to induce the LLM to generate `docassemble` YAML containing arbitrary Python code, leading to command injection and potential compromise of the host system. Recommendation: Implement strict sanitization and validation of user input to prevent the generation of `python` or `code` blocks within the `docassemble` YAML. If `code_execution` is essential, ensure it operates within a highly restricted, isolated, and sandboxed environment with minimal privileges. Consider using a safer templating approach that explicitly disallows arbitrary code injection. | LLM | Manifest |
| HIGH | Excessive tool permissions requested: The skill's manifest declares `computer`, `code_execution`, and `file_operations` tools. These permissions are overly broad for a skill primarily described as generating `docassemble` YAML. `code_execution` allows arbitrary code execution, `file_operations` grants extensive filesystem access, and `computer` often implies broad system interaction. Requesting such powerful tools significantly increases the attack surface and potential for abuse, especially if the skill's core function is merely content generation. Recommendation: Review and reduce the requested tools to the absolute minimum necessary for the skill's functionality. If `code_execution` is required for executing generated YAML, ensure it runs in a highly sandboxed environment. Re-evaluate the necessity of `computer` and `file_operations` for this skill. | LLM | Manifest |