Trust Assessment
jq-json-processor received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are Potential Command Injection via unsanitized shell arguments and Data Exfiltration via arbitrary file access and network requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via unsanitized shell arguments. The skill demonstrates executing `jq` commands directly in a shell environment. If arguments such as the `jq` filter expression, input filename, or other parameters are constructed using unsanitized user input, it could lead to arbitrary command execution. For example, a user could provide a malicious filename like `$(rm -rf /)` or inject shell commands into the input stream, potentially leading to a shell escape if not properly handled by the LLM's execution environment. All user-provided input used in shell commands must be strictly validated and sanitized. Specifically, filenames should be checked against allowed patterns and canonicalized to prevent directory traversal. `jq` filter expressions should be treated as untrusted code and either validated against a whitelist or executed in a highly sandboxed environment that prevents shell escapes. Consider using a dedicated `jq` library or API if available, rather than direct shell execution, to process user-provided `jq` expressions. | LLM | SKILL.md:57 |
| HIGH | Data Exfiltration via arbitrary file access and network requests. The skill's examples demonstrate reading local files (e.g., `users.json`, `file.json`, `package.json`) and making external network requests (`curl`). If the file paths or URLs are derived from untrusted user input without proper validation, an attacker could specify paths to sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) for exfiltration, or direct `curl` to send data to an attacker-controlled server. Implement strict input validation for all file paths and URLs. File paths should be restricted to a safe, designated directory and canonicalized to prevent directory traversal. URLs should be validated against a whitelist of allowed domains or patterns, and any data sent via network requests should be carefully controlled and sanitized. | LLM | SKILL.md:57 |