Trust Assessment
gram received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are: the skill exposes parameters for sensitive Instagram authentication cookies; potential command injection via the `--chrome-profile-dir` argument; and reliance on the external npm package `@cyberdrk/gram`, which introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill exposes parameters for sensitive Instagram authentication cookies.** The `gram` skill's documentation explicitly details command-line arguments (`--session-id`, `--csrf-token`, `--ds-user-id`) and configuration options (`--cookie-source`, `--chrome-profile-dir`, `--firefox-profile`) for providing or extracting Instagram authentication cookies. If the host LLM is prompted by an untrusted user to construct `gram` commands using these parameters, and the user provides malicious or unintended values, it could lead to: (1) **Credential Exposure**: The LLM might inadvertently pass its own sensitive Instagram cookies (if stored in its environment or accessible files) to `gram` under attacker control. (2) **Unauthorized Access**: An attacker could provide their own stolen cookies, or trick the LLM into using cookies from an unintended source, potentially gaining unauthorized access to Instagram accounts. While handling these credentials is the tool's intended function, the direct exposure of these parameters creates a high-risk surface for misuse or credential leakage if the LLM does not rigorously validate and sanitize all inputs. The host LLM must implement robust input validation and sanitization for all parameters that accept sensitive data, especially when constructing `gram` commands from untrusted user input. Avoid passing raw, untrusted user input directly to `--session-id`, `--csrf-token`, `--ds-user-id`, `--chrome-profile-dir`, or `--firefox-profile`. Consider using secure credential storage mechanisms or prompting the user for explicit confirmation before using sensitive credentials. | LLM | SKILL.md:30 |
| MEDIUM | **Potential command injection via `--chrome-profile-dir` argument.** The `gram` skill's documentation indicates that the `--chrome-profile-dir <path>` argument can be used to specify a custom directory for Chrome/Chromium profiles. If an untrusted user can manipulate the `<path>` value provided to the LLM (e.g., through a prompt injection attack), and the `gram` tool itself has a vulnerability in how it processes or accesses files within this user-controlled directory (e.g., path traversal, loading executable content, or misinterpreting the path as a command), it could lead to arbitrary command execution or unauthorized file system access on the host system. This constitutes a credible command injection vector, although its exploitability depends on the underlying `gram` tool's implementation. The host LLM should implement strict input validation and sanitization for any user-provided input intended for the `--chrome-profile-dir` argument. Only allow known safe and whitelisted paths, and prevent any characters or patterns that could indicate path traversal or command injection attempts. Avoid passing arbitrary user-controlled strings directly to this parameter. | LLM | SKILL.md:35 |
| INFO | **Reliance on external npm package `@cyberdrk/gram` introduces supply chain risk.** The skill's manifest and documentation specify the installation of the `@cyberdrk/gram` npm package. Any external third-party dependency introduces a supply chain risk. This risk includes the possibility of the package itself containing malicious code, or being compromised in the future, or being subject to typosquatting attacks during installation. While the package name is explicitly stated, without further security vetting of the `@cyberdrk/gram` package and its maintainers, the trustworthiness of this dependency cannot be fully guaranteed. Conduct a thorough security review of the `@cyberdrk/gram` package, including its source code, maintainer reputation, and dependency tree. Consider pinning the exact version of the package in the manifest to prevent unexpected or malicious updates. Implement continuous monitoring for known vulnerabilities in the package and its dependencies. | LLM | SKILL.md:11 |