Trust Assessment
glasses-to-social received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via untrusted googleDriveFolderUrl in gdown, Command Injection via untrusted paths from config.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via untrusted googleDriveFolderUrl in gdown The `scripts/check-new-photos.sh` script constructs a `gdown` command using the `googleDriveFolderUrl` value from `config.json`. If an attacker can control the `config.json` (e.g., through prompt injection influencing the LLM to generate a malicious config, or by providing a malicious config file path), they can inject arbitrary shell commands into the `gdown` execution. For example, a `googleDriveFolderUrl` like `https://drive.google.com/drive/folders/ID; rm -rf /; echo ` would execute `rm -rf /`. The `jq -r` command prevents JSON injection but not shell injection when the output is used directly in a shell command. Sanitize or validate the `FOLDER_URL` to ensure it does not contain shell metacharacters before passing it to `gdown`. A safer approach would be to call `gdown` programmatically from Python, passing arguments as a list, or to strictly validate the URL format. | LLM | scripts/check-new-photos.sh:29 | |
| HIGH | Command Injection via untrusted paths from config.json The `scripts/check-new-photos.sh` script uses `downloadPath` and `processedFile` values from `config.json` directly in shell commands such as `mkdir -p`, `cp`, and file redirection (`>`). If an attacker can control `config.json` (e.g., through prompt injection influencing the LLM to generate a malicious config), they could inject shell metacharacters into these path variables. This could lead to arbitrary command execution (e.g., `mkdir -p "/tmp/foo; rm -rf /; echo "`) or file overwrite/creation in unintended locations. Validate `downloadPath` and `processedFile` to ensure they are safe, absolute or relative paths and do not contain shell metacharacters. Implement strict validation (e.g., regex for valid path characters) or use a programming language's path manipulation functions that handle special characters safely. | LLM | scripts/check-new-photos.sh:20 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/junebugg1214/glasses-to-social/scripts/check-new-photos.sh:7 | |
| MEDIUM | Broad Google Drive folder access and potential data exposure The skill instructs users to share their Google Drive folder with "Anyone with link can view". The `gdown` command then downloads *all* contents of this folder. While the script itself doesn't exfiltrate data, this broad sharing permission combined with the agent's full access to the folder's contents creates a significant risk. If the agent's environment is compromised or if the agent is later instructed to process or share these files maliciously, sensitive personal photos could be exposed. Recommend stricter Google Drive sharing permissions (e.g., specific user access, or restricted to the agent's service account if possible). Implement mechanisms to only download specific, newly added files rather than the entire folder contents repeatedly. Advise users on the implications of broad sharing for personal data. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/fb65dd3bba170c43)
Powered by SkillShield