Trust Assessment
java-change-with-tests received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Potential Command Injection via build tool execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via build tool execution The skill explicitly instructs the AI agent to execute shell commands using the repository's build tool (e.g., `mvn -q test`). If parameters for these commands (such as module names, test names, or other build arguments) are derived directly from untrusted user input without proper sanitization, an attacker could inject malicious commands, leading to arbitrary code execution on the host system. The AI agent implementing this skill must rigorously sanitize all user-provided inputs before incorporating them into shell commands. Implement robust input validation, use parameterized command execution where available, or escape/quote all untrusted inputs to prevent command injection vulnerabilities. | LLM | SKILL.md:27 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/tanerilyazov/java-change-with-tests/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/67737353d000e341)
Powered by SkillShield