Trust Assessment
intomd received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The finding is unsanitized user input in a shell command (command injection).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized user input in shell command. The skill interpolates user-provided input (`$1`) directly into the text of a `curl` command without validation or escaping. Because the substitution happens before the shell parses the command, an attacker can place shell metacharacters (e.g., `"`, `;`, `|`, `&`) in `$1` to terminate the quoted string and run arbitrary commands on the host. For example, the input `example.com" -o /dev/null; rm -rf /` produces `curl -sL "https://into.md/example.com" -o /dev/null; rm -rf /`, which executes `rm -rf /` after the download. Remediation: do not splice the value into the command text. Pass it as a real argument to a wrapper script, so that `"$1"` is a genuine positional parameter (the shell does not re-parse the contents of a quoted parameter expansion), and validate it against a strict URL character allowlist before use. If a host language is available, invoke `curl` through an argument-list API such as Python's `subprocess.run([...], shell=False)`. Escaping helpers such as `printf %q` only help when the escaped result is itself passed as an argument; pasted into command text, they are part of the text the attacker breaks out of. | LLM | SKILL.md:10 |
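The following is an added example, not SkillShield's or intomd's code. It contrasts the pattern in the finding, an untrusted value spliced into the text of a `curl` command before the shell parses it, with a fix that validates the value and passes it as a genuine positional parameter. The base URL `https://into.md/`, the stubbed `curl`, and the payload are assumed or constructed for the demo.

```bash
#!/bin/sh
# Added example (not SkillShield's or intomd's code). Demonstrates the
# injection described in the finding and a validate-then-pass-as-argument fix.
# Base URL and sample inputs are assumed/constructed for the demo.

INTO_MD_BASE="https://into.md/"

# Stub standing in for the real curl so the demo runs offline; it only echoes
# the arguments it receives. Delete this function to perform real requests.
curl() {
  printf 'CURL:%s\n' "$*"
}

# VULNERABLE: builds the command as text with the untrusted value already
# inside it. This is what happens when an agent fills the $1 placeholder in a
# documented command string and hands the result to a shell.
build_command_unsafe() {
  printf 'curl -sL "%s%s"' "$INTO_MD_BASE" "$1"
}

# Runs the text built above the way a shell would (eval), so the effect of a
# quote-breaking payload is visible. Only use with the harmless payload below.
run_unsafe_demo() {
  eval "$(build_command_unsafe "$1")"
}

# Strict allowlist for the target: URL-safe characters only. Quotes, spaces,
# ; | & ` $ and other shell metacharacters are rejected outright.
is_safe_target() {
  case "$1" in
    "") return 1 ;;
    *[!A-Za-z0-9._~:/?=%-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# FIXED: the value arrives as a real positional parameter. Inside "..." the
# shell never re-parses a parameter's contents, so even if validation were
# skipped the value could not terminate the string or start a new command.
fetch_safe() {
  if ! is_safe_target "$1"; then
    printf 'rejected target: %s\n' "$1" >&2
    return 1
  fi
  curl -sL "${INTO_MD_BASE}$1"
}

# Constructed payload: harmless stand-in for the rm -rf / example in the report.
PAYLOAD='example.com" ; echo INJECTED #'

echo "--- unsafe template ---"
run_unsafe_demo "$PAYLOAD"          # prints the curl line, then INJECTED
echo "--- validated argument ---"
fetch_safe "$PAYLOAD" || true       # rejected by the allowlist
fetch_safe "https://example.com/page"
```

The unsafe path shows the second command actually running: once the payload's `"` closes the URL string, everything after `;` is a new command. The fixed path rejects the payload before `curl` is reached, and even without the allowlist the quoted `"$1"` could not have been broken out of, because the shell parsed the command before the value was substituted.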
Full report: https://skillshield.io/report/cc6c082f1c054266 (powered by SkillShield)