Trust Assessment
image-to-relief-stl received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unsanitized --preview-svg argument, Arbitrary File Write via unsanitized --out argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized --preview-svg argument The `scripts/image_to_relief.sh` script directly inserts the `$PREVIEW` variable (derived from the `--preview-svg` command-line argument) into a `potrace` command without any sanitization or escaping. An attacker can inject arbitrary shell commands by providing a malicious value for `--preview-svg`, leading to remote code execution. Sanitize or escape the `$PREVIEW` variable before using it in the `potrace` command. A safer approach would be to use `printf %q` for shell arguments or pass the output path to a Python script that handles file operations securely. | LLM | scripts/image_to_relief.sh:78 | |
| HIGH | Arbitrary File Write via unsanitized --out argument The `scripts/image_to_relief.py` script uses the `args.out` argument (derived from the `--out` command-line argument) directly as the file path for writing the output STL. This allows an attacker to specify an arbitrary file path, potentially overwriting critical system files or writing sensitive data to unexpected locations, leading to data corruption or denial of service. The shell script also uses this unsanitized `$OUT` variable in `mkdir -p "$(dirname "$OUT")"` which could be exploited for command injection if the `dirname` command is tricked. Validate and sanitize the output file path (`args.out`) to ensure it is within an allowed directory (e.g., a temporary directory or a user-controlled output directory) and does not contain path traversal sequences (e.g., `../`). | LLM | scripts/image_to_relief.py:40 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ajmwagar/image-to-relief-stl/scripts/image_to_relief.sh:50 | |
| MEDIUM | Arbitrary File Read via unsanitized --in argument The `scripts/image_to_relief.py` script uses the `args.input` argument (derived from the `--in` command-line argument) directly in `Image.open(args.input)`. This allows an attacker to attempt to read arbitrary files accessible to the skill's process by providing a path traversal sequence (e.g., `../../etc/passwd`). While the content isn't directly exfiltrated, the skill's behavior or error messages could reveal information about the file's existence or type, posing a data exfiltration risk. Validate and sanitize the input file path (`args.input`) to ensure it is within an allowed directory and does not contain path traversal sequences (e.g., `../`). | LLM | scripts/image_to_relief.py:204 | |
| LOW | Unpinned dependency in pip install The `scripts/image_to_relief.sh` script installs the `pillow` Python package using `pip install pillow` without specifying a version. This introduces a supply chain risk as future versions of `pillow` could introduce breaking changes, vulnerabilities, or unexpected behavior. While `pillow` is a widely used and generally trusted library, pinning dependencies is a best practice for security and reproducibility. Pin the `pillow` dependency to a specific version (e.g., `pip install pillow==X.Y.Z`) to ensure consistent and secure installations. Consider using a `requirements.txt` file for managing dependencies. | LLM | scripts/image_to_relief.sh:44 |
Scan History
Embed Code
[](https://skillshield.io/report/6c353ba49739e725)
Powered by SkillShield