Trust Assessment
inkjet received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Unpinned dependency in pip installation, Skill allows printing of arbitrary local files, Skill exposes direct filesystem access for configuration modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned dependency in pip installation The `pip install inkjet` instruction in the manifest and skill documentation does not specify a version. This makes the installation vulnerable to supply chain attacks, where a malicious package with a higher version number could be published to PyPI and automatically installed, compromising the agent's environment. Pin the dependency to a specific, known-good version (e.g., `pip install inkjet==1.2.3`) to ensure consistent and secure installations. Consider using a `requirements.txt` file with pinned versions and hashes. | LLM | SKILL.md:20 | |
| MEDIUM | Skill allows printing of arbitrary local files The `inkjet print file` command, exposed by this skill, grants the LLM the ability to read and output the contents of any local file accessible to the agent's execution environment. A malicious prompt could exploit this to exfiltrate sensitive data (e.g., `/etc/passwd`, API keys, configuration files) from the host system by instructing the LLM to print specific file paths. Implement strict input validation and sanitization for file paths provided to the `inkjet print file` command. If possible, restrict file access to a designated sandbox directory or explicitly whitelist allowed file types and locations to prevent access to sensitive system files. | LLM | SKILL.md:50 | |
| LOW | Skill exposes direct filesystem access for configuration modification The skill explicitly states that users can "bypass the CLI and modify your behavior by writing directly to the configuration JSON" (`./.inkjet/config.json`). While intended for advanced configuration, this exposes a direct filesystem write path. An LLM, if prompted maliciously, could be instructed to modify this configuration file, potentially altering the tool's behavior in unintended ways or writing arbitrary content to a specific, known path. Ensure that any LLM interaction with configuration files is strictly controlled and validated. If direct filesystem modification is not critical for the LLM's intended use, consider limiting configuration changes to CLI commands only, which can offer better validation and control. | LLM | SKILL.md:109 |
Scan History
Embed Code
[](https://skillshield.io/report/f37d6475eb98170b)
Powered by SkillShield