Trust Assessment
gitlab-cli-skills received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution via eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via eval The `mr-review-workflow.sh` script uses `eval "$TEST_COMMAND"` to execute a user-provided test command. This allows an attacker to inject and execute arbitrary shell commands by crafting the `TEST_COMMAND` argument. For example, providing `npm test; rm -rf /` as the `TEST_COMMAND` would lead to the execution of `rm -rf /` on the system running the script. Avoid using `eval` with untrusted input. Instead, consider one of the following: 1. Restrict the allowed `TEST_COMMAND` values to a predefined, safe list. 2. If arbitrary commands must be executed, ensure the script runs in a highly sandboxed and isolated environment. 3. If the command is simple and doesn't require shell features like pipes or redirections, execute it directly without `eval` (e.g., `"$TEST_COMMAND"`). If it's a complex command string, `sh -c -- "$TEST_COMMAND"` is generally preferred over `eval` as it avoids re-parsing issues, but still allows arbitrary command execution. | LLM | scripts/mr-review-workflow.sh:17 |
Scan History
Embed Code
[](https://skillshield.io/report/ad624e2efedf7d52)
Powered by SkillShield