Trust Assessment
glab-completion received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium and 0 low severity. The key findings are "Persistence / self-modification instructions" (Manifest), "Persistence mechanism: Shell RC file modification" (Static) and "Shell commands modify persistent system or user configuration files" (LLM).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence. | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vince-winkintel/gitlab-cli-skills/glab-completion/SKILL.md:39 |
| HIGH | Shell commands modify persistent system or user configuration files | The skill provides shell commands that, if executed by an AI agent, write to system-wide (`/etc/bash_completion.d/`, `/usr/local/etc/bash_completion.d/`, `/usr/local/share/zsh/site-functions/`) or user-specific (`~/.zshrc`, `~/.config/fish/completions/`) shell configuration files. This allows persistent modification of the execution environment: a malicious agent or a compromised `glab` binary could inject arbitrary commands that execute every time a new shell session starts, giving persistent arbitrary code execution. | Implement strict sandboxing for shell command execution. Require explicit user confirmation for any command that modifies system or user configuration files. Ensure the AI agent operates with the principle of least privilege, especially when interacting with the filesystem. | LLM | SKILL.md:26 |
| HIGH | Shell commands directly execute output from external programs | The skill instructs the execution of output from the `glab completion` command using `source <(...)` in Bash/Zsh, `| source` in Fish, and `| Out-String | Invoke-Expression` in PowerShell. While `glab` is assumed to be a legitimate tool, if the `glab` binary were compromised or its output manipulated, executing that output directly without validation could lead to arbitrary code execution on the host. This bypasses typical security checks by treating external program output as trusted code. | Implement strict sandboxing for shell command execution. Require explicit user confirmation before executing any command that sources or invokes external program output. If execution is necessary, validate the content of the output before passing it to `source` or `Invoke-Expression`. | LLM | SKILL.md:20 |
| MEDIUM | Persistence mechanism: Shell RC file modification | Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vince-winkintel/gitlab-cli-skills/glab-completion/SKILL.md:39 |
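To reproduce the Static-layer finding locally before trusting a skill, here is an added example that flags the two finding classes in the table in a skill file: writes to the shell RC and completion paths named in the HIGH finding, and constructs that execute another program's output (`source <(...)`, `| source`, `Invoke-Expression`). It is not SkillShield's scanner and not code from the glab-completion skill; the regexes and the sample SKILL.md content are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: a minimal static check for the two finding classes in the table.
# Not SkillShield's scanner and not code from the glab-completion skill; the
# regexes and the sample file below are assumptions made for this example.

# Paths whose modification gives a command persistence across shell sessions
# (the user and system locations named in the HIGH finding, plus bash RC files).
PERSIST_RE='(~|\$HOME)/\.(bashrc|bash_profile|zshrc|zprofile|profile)|/etc/bash_completion\.d/|/usr/local/etc/bash_completion\.d/|/usr/local/share/zsh/site-functions/|\.config/fish/completions/'

# Constructs that hand another program's stdout straight to the interpreter.
EXEC_OUTPUT_RE='source <\(|\| *source( |$)|eval "?\$\(|Invoke-Expression|(^| )iex( |$)'

# scan_skill_file FILE
# Prints one "LINE:CATEGORY:TEXT" record per hit (a line can produce two) and
# returns 0 when the file is clean, 1 when anything was flagged.
scan_skill_file() {
    hits=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|'#'*) continue ;;   # blank lines, markdown headings, shell comments
        esac
        # A persistence path only counts when the line also writes to it.
        if printf '%s\n' "$line" | grep -Eq "$PERSIST_RE" &&
           printf '%s\n' "$line" | grep -Eq '(>>?|tee)'; then
            printf '%s:persistence:%s\n' "$lineno" "$line"
            hits=$((hits + 1))
        fi
        if printf '%s\n' "$line" | grep -Eq "$EXEC_OUTPUT_RE"; then
            printf '%s:exec-output:%s\n' "$lineno" "$line"
            hits=$((hits + 1))
        fi
    done < "$1"
    [ "$hits" -eq 0 ]
}

# count_hits FILE CATEGORY -> number of records in that category
count_hits() {
    scan_skill_file "$1" | grep -c ":$2:" || true
}

# Constructed sample standing in for the skill's SKILL.md (not the real file).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# glab shell completion (constructed sample)
source <(glab completion -s bash)
glab completion -s fish | source
glab completion -s powershell | Out-String | Invoke-Expression
echo 'source <(glab completion -s zsh)' >> ~/.zshrc
glab completion -s bash > /etc/bash_completion.d/glab
glab completion -s fish > ~/.config/fish/completions/glab.fish
glab version
EOF

if scan_skill_file "$SAMPLE"; then
    echo "clean"
else
    echo "flagged: $(count_hits "$SAMPLE" persistence) persistence, $(count_hits "$SAMPLE" exec-output) exec-output"
fi
```

The persistence check deliberately requires both a known RC/completion path and a write operator on the same line, so a line that merely mentions `~/.zshrc` in prose is not flagged; a line such as `echo 'source <(...)' >> ~/.zshrc` is counted under both categories, which is what the CRITICAL and HIGH findings together describe.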
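The recommendations in the two HIGH rows ask for validation before output reaches `source` and for no runtime modification of RC files. One way to satisfy both, given here as an added example rather than the skill's or SkillShield's own procedure: generate the completion script once, review it, pin its SHA-256, and have the RC file source only that static, reviewed file. `fake_generator` is a constructed stand-in for `glab completion -s bash` so the script runs without glab installed; `install_pinned_completion`, `rc_line`, `sha256_of` and the pinned digest are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from glab-completion or SkillShield): install a completion
# script as a reviewed, hash-pinned static file instead of putting
# `source <(glab completion -s bash)` in a shell RC file.

# sha256_of FILE -> hex digest, using GNU coreutils or BSD/perl shasum
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_pinned_completion DEST EXPECTED_SHA256 GENERATOR [ARGS...]
# Runs GENERATOR, captures its stdout in a temp file, and refuses to install
# unless the digest matches the one recorded when the output was reviewed.
# Nothing is ever passed to `source` or `eval` at install time.
install_pinned_completion() {
    local dest=$1 expected=$2 tmp actual
    shift 2
    tmp=$(mktemp) || return 1
    "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    actual=$(sha256_of "$tmp")
    if [ "$actual" != "$expected" ]; then
        printf 'refusing to install: digest %s does not match pinned %s\n' "$actual" "$expected" >&2
        rm -f "$tmp"
        return 2
    fi
    chmod 0644 "$tmp" && mv "$tmp" "$dest"
}

# rc_line DEST -> the only line that belongs in the RC file: source the static,
# reviewed file if it exists. No process substitution, no eval of live output.
rc_line() { printf '[ -r %s ] && . %s\n' "$1" "$1"; }

# Constructed stand-in for `glab completion -s bash` (assumption, not glab's output).
fake_generator() { printf '# bash completion for glab (constructed sample)\ncomplete -F _glab glab\n'; }

# Demo: review a copy, record its digest, install, then show a tampered run refused.
reviewed=$(mktemp); fake_generator > "$reviewed"; pinned=$(sha256_of "$reviewed")
target=$(mktemp)
install_pinned_completion "$target" "$pinned" fake_generator && echo "installed $target"
rc_line "$target"
tampered_generator() { fake_generator; printf 'echo injected >> ~/.bashrc\n'; }
install_pinned_completion "$target" "$pinned" tampered_generator || echo "tampered output refused (status $?)"
```

The pinned digest is the review artifact: it is recorded by a human after reading the generated file, and a changed `glab` binary or manipulated output fails the comparison before anything lands in a completion directory or RC file. Updating the pin is a deliberate re-review step, not something an agent can do as a side effect of running the install.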
Full report: https://skillshield.io/report/af24242617d16012