Trust Assessment
let-me-know received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include: Potential Command Injection via Task Execution; Excessive Permissions: Broad Command Execution and Gateway Restart; and Potential Data Exfiltration via Progress Reporting.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Task Execution. The skill explicitly states its workflow includes 'Execute the long-running command(s)'. If these commands are constructed using untrusted user input without proper sanitization or validation, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Implement strict input sanitization and validation for any user-provided command arguments. Use parameterized commands or allow-lists for executable commands and their arguments. Avoid directly concatenating user input into shell commands. | LLM | SKILL.md:39 |
| MEDIUM | Excessive Permissions: Broad Command Execution and Gateway Restart. The skill's design requires the ability to 'Execute the long-running command(s)' and explicitly mentions `commands.restart: true`. These permissions grant broad control over the execution environment, including running arbitrary commands and restarting the agent's gateway. While necessary for the skill's stated function, these capabilities pose a significant security risk if misused or exploited. Implement strict access control and least privilege principles. Ensure that command execution is limited to a predefined set of safe commands or that all arguments are thoroughly sanitized. Restrict `commands.restart` to only critical recovery scenarios and ensure it cannot be triggered by untrusted input. | LLM | SKILL.md:39 |
| MEDIUM | Potential Data Exfiltration via Progress Reporting. The skill's workflow instructs the agent to 'read the latest progress (state file/logs)' and include 'progress metrics' in outbound heartbeat messages. This design pattern inherently involves reading local file content and transmitting derived information externally. If the state files or logs contain sensitive information, or if the 'progress metrics' are not carefully filtered and sanitized, this could lead to the inadvertent exfiltration of sensitive data. Ensure that state files and logs do not contain sensitive information. Implement strict filtering and sanitization of 'progress metrics' to prevent accidental leakage of data from logs or state files. Only transmit essential, non-sensitive progress information. | LLM | SKILL.md:29 |