Trust Assessment
gog-calendar received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include: Missing required field 'name'; Prompt Injection via Untrusted Skill Instructions; Potential Command Injection via Unsanitized Shell Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection via Untrusted Skill Instructions: The entire SKILL.md content is enclosed within the untrusted input delimiters, yet it contains numerous explicit instructions and directives intended to manipulate the host LLM's behavior. Examples include 'When answering, you MUST:', 'MUST query broadly', 'Workflow (do not skip):', and 'Before any write action: summarize exact intent, ask for explicit "yes", then run the command'. This directly violates the instruction to treat all content within these tags as untrusted data, not instructions, and constitutes a critical prompt injection attempt. Recommendation: Remove all LLM-specific instructions and directives from within the untrusted input delimiters. Any necessary instructions for the LLM should be part of the trusted system prompt or tool definition, not embedded in untrusted skill documentation. | LLM | SKILL.md:25 |
| HIGH | Potential Command Injection via Unsanitized Shell Arguments: The skill explicitly instructs the LLM to construct and execute shell commands using `gogcli`, such as `gog calendar events --all --from <date_or_iso> --to <date_or_iso> --plain` and `gog calendar search "<query>" --calendar <calendarId> ...`. These commands interpolate values (dates, search queries, calendar IDs) that can originate from user input. If the LLM follows these untrusted instructions without robust sanitization or escaping of the interpolated values before executing the shell command, a malicious user could inject arbitrary shell commands. Recommendation: If shell command execution is necessary, the LLM's implementation must rigorously sanitize and escape all user-controlled or dynamically generated arguments before passing them to the shell, so that shell metacharacters are not interpreted as commands. Ideally, use a safer API that does not involve direct shell command construction with user input. | LLM | SKILL.md:40 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from the frontmatter. Recommendation: Add a 'name' field to the SKILL.md frontmatter. | Static | skills/lstpsche/gog-calendar/SKILL.md:1 |
Full report: https://skillshield.io/report/80b3f119de067d05 (powered by SkillShield)