Trust Assessment
jiang-irac-nonuse-evidence received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Missing required field: name, Command Injection via User-Controlled Arguments to External Tools, Unpinned Dependencies in requirements.txt.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via User-Controlled Arguments to External Tools The `run_nonuse_webui.py` script accepts various user-controlled inputs (e.g., `input_path`, `direct_bind_lines`, `scan_other_lines`, `caseinfo_overrides`) via its web interface. These inputs are then passed as command-line arguments to `run_nonuse_case.py` using `subprocess.run`. In `run_nonuse_case.py`, these arguments are further processed and used to construct commands for external tools like `soffice` (LibreOffice), `pdftoppm`, and `tesseract` via `subprocess.run`. Specifically, the `_apply_caseinfo_overrides` function in `run_nonuse_case.py` directly appends user-provided values to the command list. While `subprocess.run` is called with `shell=False` (default), an attacker could craft malicious input (e.g., filenames or override values containing command-line options or special characters) to inject arbitrary arguments into the external commands. This could lead to unintended file operations, information disclosure, or even arbitrary code execution if the external tools have exploitable argument parsing vulnerabilities. Implement robust input sanitization and validation for all user-controlled data before it is used in `subprocess.run` calls. Ensure that arguments passed to external commands are properly escaped or quoted to prevent argument injection. Consider using a whitelist approach for allowed characters and argument structures. For `_apply_caseinfo_overrides`, validate the `flag` and `value` against a strict whitelist of expected options and formats. | LLM | run_nonuse_webui.py:200 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/jisngzhongling/jiang-irac-nonuse-evidence/SKILL.md:1 | |
| LOW | Information Disclosure via Stack Traces in Logs The application logs full stack traces using `traceback.format_exc()` in various `LOGGER.exception` and `audit` calls across multiple files. While useful for debugging, exposing detailed stack traces in logs can lead to information disclosure, revealing internal file paths, system configurations, and other sensitive operational details that could aid an attacker in understanding the system's architecture and identifying further vulnerabilities. This information might be accessible if logs are not adequately secured. Consider redacting or sanitizing sensitive information from stack traces before logging, especially in production environments. Implement strict access controls for log files to prevent unauthorized access. For non-critical exceptions, log only essential details rather than full stack traces. | LLM | utils/logger.py:30 | |
| INFO | Unpinned Dependencies in requirements.txt The `requirements.txt` file specifies dependencies without pinning their exact versions. This can lead to non-deterministic builds and introduces a supply chain risk, as new versions of dependencies might introduce breaking changes, security vulnerabilities, or unexpected behavior. An attacker could potentially exploit a vulnerability in a newly released version of an unpinned dependency. Pin all dependencies to exact versions (e.g., `pandas==1.5.3`) to ensure reproducible builds and mitigate risks from unexpected updates. Regularly review and update pinned dependencies to incorporate security patches. | LLM | requirements.txt:1 | |
| INFO | Potential Credential Handling Indicated by Log Sanitization The `_sanitize_event_value` function in `utils/logger.py` explicitly looks for and redacts keys like 'token', 'secret', 'password', and 'authorization' from audit logs. This indicates that the application handles or processes sensitive credentials. While the sanitization itself is a good security practice, the presence of such a mechanism highlights the potential for credential harvesting if these sensitive values are not securely managed throughout their lifecycle (e.g., hardcoded, improperly stored, or exposed before reaching the sanitization logic). The `WEBUI_AUTH_TOKEN` in `run_nonuse_webui.py` is an example of such a credential. Ensure that all sensitive credentials are handled securely throughout the application's lifecycle. Avoid hardcoding secrets. Use environment variables, secure configuration management, or a dedicated secrets management system. Implement strong access controls and encryption for any stored credentials. Regularly rotate API keys and tokens. | LLM | utils/logger.py:20 |
Scan History
Embed Code
[](https://skillshield.io/report/65fe8d2e043fa548)
Powered by SkillShield