Trust Assessment
google-tv received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 7 critical, 6 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (15)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/antgly/google-tv/google_tv_skill.py:183 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/antgly/google-tv/google_tv_skill.py:235 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/antgly/google-tv/google_tv_skill.py:445 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/antgly/google-tv/play_show_via_global_search.py:73 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/antgly/google-tv/play_show_via_global_search.py:86 |
| CRITICAL | Unsanitized user input in `adb shell input text`: The skill uses `adb shell input text` with user-controlled input (the `text` argument) without proper sanitization. This allows an attacker to inject arbitrary shell commands on the connected Android device by crafting malicious input strings (e.g., `"; reboot;"` or `"; am start -a android.intent.action.VIEW -d http://malicious.com;"`). This vulnerability exists in both `google_tv_skill.py` and `play_show_via_global_search.py`. Before passing user-controlled `text` to `adb shell input text`, it must be properly escaped or quoted to prevent shell metacharacters from being interpreted as commands. A common approach is to enclose the text in single quotes and escape any single quotes within the text. Alternatively, consider using a safer ADB command if available, or an intent-based approach if the target app supports it, which might be less prone to shell injection. | LLM | google_tv_skill.py:300 |
| CRITICAL | Unsanitized user input in `adb shell input text` (chained from `google_tv_skill.py`): The `play_show_via_global_search.py` helper script, which is called by `google_tv_skill.py` with user-controlled arguments, also uses `adb shell input text` with unsanitized user input. This creates a chained command injection vulnerability, allowing an attacker to execute arbitrary shell commands on the connected Android device by crafting malicious input strings for arguments like `--title` when calling the main skill. Before passing user-controlled `text` to `adb shell input text`, it must be properly escaped or quoted to prevent shell metacharacters from being interpreted as commands. A common approach is to enclose the text in single quotes and escape any single quotes within the text. Alternatively, consider using a safer ADB command if available, or an intent-based approach if the target app supports it, which might be less prone to shell injection. | LLM | play_show_via_global_search.py:220 |
| HIGH | Dangerous call: `subprocess.run()`. Call to `subprocess.run()` detected in function `run_adb`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/antgly/google-tv/google_tv_skill.py:183 |
| HIGH | Dangerous call: `subprocess.run()`. Call to `subprocess.run()` detected in function `launch_global_search_show`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/antgly/google-tv/google_tv_skill.py:235 |
| HIGH | Dangerous call: `subprocess.run()`. Call to `subprocess.run()` detected in function `resolve_youtube_id_with_yt_api`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/antgly/google-tv/google_tv_skill.py:445 |
| HIGH | Dangerous call: `subprocess.Popen()`. Call to `subprocess.Popen()` detected in function `launch_scrcpy`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/antgly/google-tv/play_show_via_global_search.py:86 |
| HIGH | Dangerous call: `subprocess.run()`. Call to `subprocess.run()` detected in function `run_adb`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/antgly/google-tv/play_show_via_global_search.py:73 |
| HIGH | Unsanitized user query passed to external `yt-api` command: The `resolve_youtube_id_from_query` function executes an external `yt-api` command with a user-controlled `query` string. If the `yt-api` binary is a shell script, or if it has its own command injection vulnerabilities, a malicious `query` could lead to arbitrary command execution on the host system. Even if `yt-api` is a compiled binary, improper handling of arguments could still pose a risk. Ensure that `yt-api` is a trusted, well-behaved binary that treats its arguments as literal strings and not as shell commands. If `yt-api` is a shell script, it must properly quote or escape the `query` argument. Consider using a Python library for YouTube API interaction instead of an external CLI tool to reduce the attack surface. If an external tool is necessary, validate and sanitize the `query` string to remove any potentially malicious characters before passing it to `subprocess.run`. | LLM | google_tv_skill.py:250 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/antgly/google-tv/google_tv_skill.py:30 |
| MEDIUM | Intent redirection via environment-variable-controlled package names: The skill allows overriding the target package names for YouTube (`YOUTUBE_PACKAGE`) and Tubi (`TUBI_PACKAGE`) via environment variables. An attacker who can control the environment where the skill executes could set these variables to point to a malicious application installed on the Android device. When the skill attempts to launch a YouTube or Tubi video, the intent would be directed to the attacker's app, potentially allowing it to intercept the video ID/URL, display malicious content, or perform other unauthorized actions on the device. Restrict the ability to override critical package names via environment variables. If customization is necessary, implement a whitelist of allowed package names or require explicit user confirmation for non-default packages. Ensure that the environment where the skill runs is secured against unauthorized modification of environment variables. | LLM | google_tv_skill.py:101 |