Trust Assessment
infra-as-code received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection in EC2 User Data and Potential Command Injection in Example Shell Script for Environment Selection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection in EC2 User Data.** The skill demonstrates an EC2 instance configuration using `user_data` which executes a shell script upon instance launch. The `docker run` command within this script directly interpolates the Terraform variable `${var.docker_image}`. If an AI agent generates this configuration based on untrusted user input for `var.docker_image` without proper sanitization, an attacker could inject arbitrary shell commands (e.g., `myimage; rm -rf /`) to be executed on the provisioned EC2 instance, leading to remote code execution. When generating `user_data` scripts that include variables derived from untrusted input, ensure strict validation and sanitization of those variables to prevent shell command injection. Consider using a safer mechanism for passing dynamic data or ensuring the `docker_image` variable is constrained to a list of known safe images. | LLM | SKILL.md:201 |
| MEDIUM | **Potential Command Injection in Example Shell Script for Environment Selection.** The skill provides an example shell script for applying Terraform configurations to different environments. The script uses `ENV=${1:-dev}` to capture an environment name, which is then directly interpolated into `terraform workspace select "$ENV"`, `terraform workspace new "$ENV"`, and `terraform apply -var-file="env/$ENV.tfvars"`. If an AI agent generates this script based on untrusted user input for the environment name (e.g., from a prompt), an attacker could inject arbitrary shell commands by providing a malicious value for `$1` (e.g., `"; rm -rf /"`). This would lead to command injection in the environment where the generated script is executed. When generating shell scripts that incorporate user-provided values, ensure all such values are properly sanitized or quoted to prevent command injection. For environment names, consider validating against a whitelist of allowed values. | LLM | SKILL.md:438 |