Trust Assessment
jira-sync-judge received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Excessive permission: Bash tool access declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Excessive permission: Bash tool access declared The skill declares access to the `Bash` tool, allowing the AI agent to execute arbitrary shell commands on the host system. This is a highly privileged permission that significantly increases the attack surface for command injection and unauthorized system access. While potentially necessary for the skill's functionality, its declaration without visible safe usage patterns warrants caution. Review the necessity of `Bash` tool access for this skill. If essential, ensure all `Bash` commands are executed with extreme care, employing strict input validation and sanitization to prevent command injection. Consider using more specific, less powerful tools or APIs if the required functionality can be achieved without direct shell access. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/ecf658f7b45298d1)
Powered by SkillShield