Trust Assessment
gitload received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. The findings are Potential Command Injection via User-Provided Arguments, Unpinned Dependency in CLI Tool Usage, and Direct Exposure of API Token in Examples.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User-Provided Arguments: The skill describes executing `gitload-cli` with user-provided URLs and output paths (`-o`, `-z`). If the LLM constructs these commands based on untrusted user input without proper sanitization, or if the `gitload-cli` itself is vulnerable to argument injection, an attacker could execute arbitrary commands on the host system. For example, a malicious output path could contain shell metacharacters. Ensure all user-provided arguments to shell commands are strictly validated and properly escaped or quoted to prevent command injection. Consider using a safe execution mechanism that does not directly invoke a shell, or explicitly whitelist allowed characters/patterns for arguments. | LLM | SKILL.md:30 |
| MEDIUM | Unpinned Dependency in CLI Tool Usage: The skill instructs users to run `npx gitload-cli` or `npm install -g gitload-cli`. Neither command specifies a version, meaning the latest available version will always be fetched. This introduces a supply chain risk, as a malicious update to the `gitload-cli` package could compromise the system without explicit user or LLM approval. Specify a pinned version for `gitload-cli` (e.g., `npx gitload-cli@1.2.3` or `npm install -g gitload-cli@1.2.3`) to ensure deterministic and secure execution. Regularly review and update the pinned version after verifying its integrity. | LLM | SKILL.md:20 |
| LOW | Direct Exposure of API Token in Examples: The skill provides examples showing how to pass a GitHub Personal Access Token directly as a command-line argument (`--token ghp_xxxx`). While this is a functional way to use the tool, it increases the risk of credential exposure if the command is logged, shared, or visible in process lists. Although the skill also mentions environment variables, the direct argument example is prominent. Prioritize and emphasize the use of environment variables (e.g., `GITHUB_TOKEN`) or secure credential stores over direct command-line arguments for sensitive information. If direct arguments are necessary, strongly advise users about the risks and recommend immediate token revocation after use in such scenarios. | LLM | SKILL.md:65 |