Trust Assessment
gopass received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential for Unauthorized GPG Recipient Addition, Direct Secret Retrieval via `gopass show`, Potential for Unauthorized Secret Deletion.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential for Unauthorized GPG Recipient Addition.** The skill documentation describes the `gopass recipients add <gpg-id>` command. If an LLM is instructed to execute this command with a user-controlled GPG ID, an attacker could add their own GPG key as a recipient to the gopass store. This would grant the attacker the ability to decrypt all secrets within that store, leading to complete compromise of sensitive data. This represents a severe command injection vulnerability if the LLM does not sufficiently sanitize or validate user input for this specific command. Implement strict input validation and authorization checks before allowing the LLM to execute `gopass recipients add`. Consider disallowing this specific command via the skill or requiring explicit human confirmation for such sensitive operations. | LLM | SKILL.md:90 |
| HIGH | **Direct Secret Retrieval via `gopass show`.** The skill documents `gopass show -o path/to/secret`, which directly outputs the password of a secret to standard output. If an attacker can control the `path/to/secret` argument and prompt the LLM to execute this command and return its output, they can exfiltrate any secret stored in gopass. This is a direct path to sensitive data exposure. Implement strict access control and input validation for `gopass show` commands. Ensure that the LLM only retrieves secrets from paths explicitly authorized or confirmed by the user, and that the output is handled securely (e.g., not directly echoed to an untrusted user). | LLM | SKILL.md:24 |
| HIGH | **Potential for Unauthorized Secret Deletion.** The skill documents `gopass rm path/to/secret` and `gopass rm -r path/to/folder`. If an attacker can control the `path/to/secret` or `path/to/folder` arguments, they could instruct the LLM to delete arbitrary secrets or entire secret folders from the gopass store. This could lead to denial of service or data loss. Implement strict input validation and authorization checks for `gopass rm` commands. Require explicit user confirmation for deletion operations, especially for recursive deletions. | LLM | SKILL.md:58 |
| MEDIUM | **Potential for Arbitrary Gopass Store Mounts.** The skill documents `gopass mounts add work /path/to/work-store`. If an attacker can control the `/path/to/work-store` argument, they could instruct the LLM to mount an arbitrary directory as a gopass sub-store. This could potentially expose sensitive files within that directory to gopass operations or allow gopass to write secrets into an attacker-controlled location. Implement strict input validation for mount paths. Only allow mounting of pre-approved or carefully sandboxed directories. Require explicit user confirmation for new mount points. | LLM | SKILL.md:79 |
Full report: https://skillshield.io/report/b2017f188912fdab (Powered by SkillShield)