Trust Assessment
hugo-blog-agent received a trust score of 56/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 0 medium, and 3 low severity. Key findings include "Covert behavior / concealment directives"; "Unsanitized URL in `seo-check.sh` leads to command injection"; and "Unpinned `git pull` combined with `sudo` reload creates supply chain and privilege escalation risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized URL in `seo-check.sh` leads to command injection.** The `check_agent_meta` function in the `seo-check.sh` script takes a `url` parameter and uses it directly within `curl -s "$url"` and `curl -s "${url}/feed.xml"`. If an untrusted input is provided for `url` (e.g., from an LLM prompt), an attacker can inject arbitrary shell commands by including metacharacters like `;`, `&`, `|`, `$(...)`, or `` `...` `` within the `url` string. This allows for arbitrary command execution on the host system. The `url` parameter must be strictly validated and sanitized to ensure it contains only a valid URL string without any shell metacharacters before being used in shell commands. Consider using a more robust URL parsing and validation library or escaping shell metacharacters if remaining in bash. | LLM | SKILL.md:190 |
| HIGH | **Unpinned `git pull` combined with `sudo` reload creates supply chain and privilege escalation risk.** The `daily-blog-update.sh` script performs a `git pull origin main` which fetches the latest code from the `main` branch without pinning to a specific commit hash or version tag. Immediately after, it executes `hugo --minify` and then `sudo nginx -t && sudo systemctl reload nginx`. If the remote Git repository's `main` branch is compromised, an attacker could inject malicious content (e.g., a malformed Nginx configuration file or a script that Hugo executes) that would then be processed and potentially executed with root privileges via the `sudo` commands. This creates a significant supply chain vulnerability leading to potential remote code execution and privilege escalation. 1. **Pin dependencies**: Instead of `git pull origin main`, pull a specific, cryptographically signed commit hash or a version tag. 2. **Isolate execution**: Run `git pull` and `hugo` in a sandboxed environment or with minimal privileges. 3. **Review changes**: Implement a mechanism to review changes from `git pull` before applying them, especially before running `sudo` commands. 4. **Least privilege**: Ensure the user running this script has the absolute minimum necessary `sudo` permissions, or refactor to avoid `sudo` where possible. | LLM | SKILL.md:163 |
| LOW | **Covert behavior / concealment directives.** HTML comment containing suspicious keywords. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/byron-mckeeby/hugo-blog-agent/SKILL.md:70 |
| LOW | **Covert behavior / concealment directives.** CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/byron-mckeeby/hugo-blog-agent/SKILL.md:88 |
| LOW | **Covert behavior / concealment directives.** CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/byron-mckeeby/hugo-blog-agent/SKILL.md:124 |