Trust Assessment
gitops-workflow received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned remote manifest application, Direct execution of unpinned remote script, Exposure of initial admin password in command output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned remote manifest application The skill instructs users to apply Kubernetes manifests directly from a remote URL without specifying a fixed version or hash. This introduces a supply chain risk, as the content at the 'stable' branch could change maliciously or unintentionally, leading to arbitrary code execution or cluster misconfiguration. It's recommended to pin to a specific release version or commit hash, or to host manifests locally after review. Pin the manifest URL to a specific version (e.g., a release tag or commit hash) instead of a mutable branch like 'stable'. Alternatively, download and review the manifest locally before applying it. | LLM | SKILL.md:39 | |
| CRITICAL | Direct execution of unpinned remote script The skill instructs users to download and execute a shell script directly from a remote URL using `curl | sudo bash`. This is a significant command injection and supply chain risk, as the content of the script could change at the source (`fluxcd.io/install.sh`) without warning, leading to arbitrary code execution with root privileges on the user's system. It's recommended to download, review, and then execute scripts, ideally pinning to a specific version. Avoid piping `curl` output directly to `bash`. Instead, download the script, review its contents, and then execute it. For production environments, consider hosting a vetted version of the script internally or using a package manager. | LLM | SKILL.md:79 | |
| HIGH | Exposure of initial admin password in command output The skill provides a command to retrieve and decode the initial ArgoCD admin password, which is then printed directly to the console. While this is a common administrative step, in an automated or logged environment, this could lead to the exposure of sensitive credentials. If the output of this command is captured or logged, the password could be compromised. Advise users to handle the output of this command with extreme care. If this command is part of an automated script, ensure the output is not logged or stored insecurely. Prompt users to change the default password immediately after retrieval. | LLM | SKILL.md:42 |
Scan History
Embed Code
[](https://skillshield.io/report/bbaf6a498c50580e)
Powered by SkillShield