Trust Assessment
helm-chart-scaffolding received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Command Injection via Chart.yaml content parsing" and "Excessive Permissions: Processing of arbitrary local directories".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via Chart.yaml content parsing.** The script parses `Chart.yaml` using `grep` and `awk` and assigns the output directly to shell variables (`CHART_NAME`, `CHART_VERSION`, `APP_VERSION`). If a malicious `Chart.yaml` is processed (e.g., containing `name: $(rm -rf /)`), the shell will execute the content within `$(...)` during variable assignment. This allows arbitrary command execution on the system where the script is run. Use safer parsing methods that do not execute shell commands from file content. For YAML parsing, consider using a dedicated YAML parser (e.g., `yq` or a Python script) that can safely extract values without shell evaluation. If `grep`/`awk` must be used, ensure the output is sanitized or strictly quoted before variable assignment, or avoid direct assignment of potentially untrusted content to variables that are then used in command contexts. A more robust approach would be to use `helm show chart "$CHART_DIR"` and parse its structured output, which is less susceptible to this type of injection. | LLM | scripts/validate-chart.sh:60 |
| MEDIUM | **Excessive Permissions: Processing of arbitrary local directories.** The script takes `CHART_DIR` as an argument (`$1`) and uses it to access and process files (e.g., `Chart.yaml`, `values.yaml`, `templates/`) and execute `helm` commands within that directory. If the LLM is prompted to execute this script with a user-controlled `CHART_DIR` that points to an arbitrary location on the filesystem (e.g., `/etc`, `/root`), it could lead to the skill processing unintended or sensitive files. While the script itself doesn't exfiltrate data, it provides the mechanism for an LLM to be coerced into accessing or processing malicious content from arbitrary locations, potentially exposing sensitive information or causing unintended side effects. Implement strict validation of the `CHART_DIR` argument to ensure it refers to a path within the skill's designated workspace or a known safe location. Avoid processing arbitrary user-provided paths directly. If the skill's purpose requires processing user-provided charts, ensure they are first isolated in a secure sandbox environment or that the path is strictly validated against allowed directories. | LLM | scripts/validate-chart.sh:2 |