Trust Assessment
kakiyo received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Potential Command Injection via mcporter arguments", "Data Exfiltration via create_webhook to arbitrary URL", and "Broad tool access increases attack surface".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Command Injection via mcporter arguments | The skill defines `mcporter` commands where arguments like `name`, `url`, `workingHours`, `prospects` (JSON string), and `USER_API_KEY` are passed as string literals. If the `mcporter` tool or the underlying shell execution environment does not properly sanitize or escape these user-controlled string arguments before constructing and executing shell commands, an attacker could inject arbitrary shell commands. This is a common vulnerability pattern when external commands are built with string concatenation. | Ensure the `mcporter` tool strictly sanitizes and escapes all arguments passed to it, especially user-controlled strings, before constructing and executing shell commands. Consider using a more robust method for passing arguments than direct shell interpolation, such as environment variables or temporary files, or ensure the `mcporter` tool itself handles argument parsing securely. | LLM | SKILL.md:50 |
| HIGH | Data Exfiltration via create_webhook to arbitrary URL | The `create_webhook` tool allows the skill to send event notifications (e.g., `prospect.replied`, `prospect.qualified`) to any specified URL. If an attacker can manipulate the LLM to call this tool with an attacker-controlled URL, sensitive data from LinkedIn automation events could be exfiltrated to an external server. This is a direct capability of the tool that can be abused for data exfiltration. | Implement strict validation and whitelisting for webhook URLs. Only allow webhooks to trusted domains or require explicit user confirmation for new, untrusted URLs. The LLM should be trained to recognize and flag suspicious URLs and confirm with the user before creating webhooks to external domains. | LLM | SKILL.md:147 |
| MEDIUM | Broad tool access increases attack surface | The skill provides 42 tools covering extensive management capabilities for LinkedIn automation, including agents, campaigns, prospects, webhooks, DNC lists, and client workspaces. While these are legitimate functions, the broad scope of access increases the potential impact if the LLM's tool-use is compromised, allowing an attacker to perform a wide range of malicious actions on the Kakiyo platform. | Implement granular access controls for the Kakiyo API, if available, to limit the scope of actions an LLM can perform based on its specific role or context. Ensure the LLM's internal reasoning and tool selection mechanisms are robust against manipulation to prevent unauthorized use of powerful tools. | LLM | SKILL.md:38 |