Trust Assessment
host-ping-detect received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Prompt Injection: Explicit instruction for shell execution, Command Injection: Untrusted content dictates shell command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection: Untrusted content dictates shell command execution The skill's usage instructions, provided as untrusted content, contain a direct instruction for the agent to execute a shell command (`ping -c 4 39.106.7.8`). If the host LLM complies with this instruction from untrusted input, it directly leads to command execution. This bypasses the LLM's intended tool-use mechanisms and creates a command injection vulnerability. Although the command is fixed in this example, the underlying vulnerability allows for arbitrary command execution if the input were to become dynamic or if the LLM is manipulated further. Prevent LLMs from directly executing shell commands based on instructions found in untrusted skill descriptions. Implement a robust tool-use mechanism where skills declare their capabilities (e.g., 'can ping host') and the LLM decides *how* to execute it, using sandboxed tools or APIs, rather than raw shell. All command execution should be mediated by a secure, permissioned tool. | LLM | SKILL.md:7 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ray-778/host-ping-detect/SKILL.md:1 | |
| MEDIUM | Prompt Injection: Explicit instruction for shell execution The skill's usage instructions, provided as untrusted content, explicitly instruct the agent to 'Use shell execution to run' a command. This is an attempt to manipulate the host LLM into performing a specific action (shell execution) that might not be intended or allowed by the LLM's security policies. While the command itself is fixed in this instance, this pattern can be exploited to force the LLM into executing arbitrary commands if the input were variable. Remove explicit instructions for the LLM to use specific execution methods (like 'shell execution') from untrusted content. The skill should declare its capabilities, and the LLM should decide how to execute them based on its own tools and security policies, preferably through sandboxed APIs rather than raw shell. | LLM | SKILL.md:6 |
Scan History
Embed Code
[](https://skillshield.io/report/4bde52aaa0ad4b5c)
Powered by SkillShield