Trust Assessment
meeting-prep received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings: unquoted variables in shell commands that can lead to command injection (high); a broad Google Calendar API scope requested (medium); a broad GitHub `repo` scope requested (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unquoted variables in shell commands can lead to command injection: The skill's API reference includes `bash` snippets in which values read from credential files (e.g., `credentials/client_secret.json`, `credentials/calendar_tokens.json`, `credentials/github_token`) are expanded into `curl` arguments. Where such an expansion is unquoted, the shell word-splits and glob-expands the value, so a tampered credential file whose value contains whitespace (for example `x --output /tmp/pwned`) injects additional `curl` options; this is argument injection rather than direct command execution. A double-quoted expansion such as `-d "client_id=$CLIENT_ID"` after `CLIENT_ID=$(jq -r '.installed.client_id' credentials/client_secret.json)` is not re-parsed by the shell, so a value like `"; evil_command; #"` reaches `curl` as literal data and does not execute; it only becomes command injection if the value is later passed through `eval`, `sh -c` or a similar re-parse. Quote every expansion of a value read from a file, pass form fields with `--data-urlencode` so the value cannot alter the request body either, and validate credential values against their expected format (a Google client ID or GitHub token contains no whitespace or shell metacharacters). If the skill is implemented in Python, use `subprocess` with an argument list or a dedicated HTTP library instead of a shell command string. | LLM | SKILL.md:69 |
| MEDIUM | Broad Google Calendar API scope requested: The skill requests the `https://www.googleapis.com/auth/calendar` scope for Google Calendar. This scope grants full read/write access to all calendars. Based on the 'Meeting Prep Check' workflow, which primarily involves 'Query configured calendars for events', the narrower `https://www.googleapis.com/auth/calendar.events.readonly` scope is likely sufficient, adhering to the principle of least privilege. Note that `calendar.events.readonly` covers reading events from calendars whose IDs are already configured; enumerating the user's calendar list additionally requires `https://www.googleapis.com/auth/calendar.calendarlist.readonly` (or `calendar.readonly`). Review the exact requirements for Google Calendar interaction. If only reading events is necessary, reduce the scope to `calendar.events.readonly`. If writing is needed, specify which write operations are required and use the narrowest scope that covers them (for example `calendar.events` rather than `calendar`). | LLM | SKILL.md:30 |
| MEDIUM | Broad GitHub `repo` scope requested: The skill requires a GitHub Personal Access Token with the `repo` scope. This classic-token scope grants full read/write access to all repositories, public and private, that the token owner can access. The 'Daily Commit Summary' workflow describes 'Fetch all commits from configured repos', a read-only operation. Classic token scopes offer no read-only access to private repository contents: `public_repo` still permits writes (to public repositories only), and `repo:status`, `read:org` and `read:user` do not grant access to commit contents at all. Reading commits from public repositories requires no scope whatsoever. The least-privilege option is a fine-grained personal access token restricted to the configured repositories with read-only `Contents` permission (the mandatory `Metadata` permission is included automatically). If a classic token must be used and every configured repository is public, `public_repo` narrows the blast radius but is not read-only. | LLM | SKILL.md:37 |
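To make the distinction in the HIGH finding concrete, the following added example (not code from the meeting-prep skill or from SkillShield) reproduces the flagged pattern with a stand-in for `curl` that only counts the arguments it receives, so it runs offline. `HOSTILE_CLIENT_ID` is a constructed value standing in for whatever `jq -r` would read from a tampered `credentials/client_secret.json`; `TOKEN_ENDPOINT` in the comment is a placeholder name, not from the skill.

```shell
#!/bin/sh
# Added example (not code from the meeting-prep skill or from SkillShield):
# what an unquoted expansion of a credential value actually does, versus the
# quoted and --data-urlencode forms. curl is replaced by a stand-in that counts
# the arguments it receives, so this runs offline.

# Constructed hostile value, standing in for what
#   CLIENT_ID=$(jq -r '.installed.client_id' credentials/client_secret.json)
# would yield from a tampered credentials file. It carries whitespace (to
# trigger word splitting) and the metacharacters the finding worries about.
HOSTILE_CLIENT_ID='x --output /tmp/pwned "; touch /tmp/skillshield_injected; #'

# Stand-in for curl: print the number of arguments it was handed.
# A real curl would treat the split-off "--output /tmp/pwned" as an option.
count_args() {
    echo "$#"
}

# Vulnerable pattern flagged in the finding: unquoted expansion. The shell
# word-splits and glob-expands the value, so one field becomes many arguments
# (argument injection). Even so, ';' and '#' are never re-parsed: no command runs.
argc_unquoted() {
    value=$1
    # shellcheck disable=SC2086  # intentionally unquoted to show the bug
    count_args -d client_id=$value
}

# Hardened pattern: double-quoted expansion keeps the value as one argument.
argc_quoted() {
    value=$1
    count_args -d "client_id=$value"
}

# Hardened further: --data-urlencode makes curl percent-encode the value, so
# it also cannot inject extra form fields into the request body.
argc_urlencoded() {
    value=$1
    count_args --data-urlencode "client_id=$value"
}

# What the fixed SKILL.md snippet would look like (not executed: needs network;
# TOKEN_ENDPOINT is a placeholder name, not from the skill):
#   CLIENT_ID=$(jq -r '.installed.client_id' credentials/client_secret.json)
#   curl -sS --data-urlencode "client_id=$CLIENT_ID" "$TOKEN_ENDPOINT"

printf 'unquoted: %s args, quoted: %s args, urlencoded: %s args\n' \
    "$(argc_unquoted "$HOSTILE_CLIENT_ID")" \
    "$(argc_quoted "$HOSTILE_CLIENT_ID")" \
    "$(argc_urlencoded "$HOSTILE_CLIENT_ID")"
```

Run it with any POSIX `sh`: the unquoted form hands the stand-in 8 arguments, the two quoted forms hand it 2, and the marker file named in the hostile value is never created. ShellCheck's SC2086 warning on the unquoted line is exactly the defect the finding reports, so running `shellcheck` over the skill's snippets catches it mechanically.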
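Both MEDIUM findings come down to the same pre-flight check: confirm what scopes a token actually carries before the skill uses it. The following added example (not part of the meeting-prep skill or of SkillShield) implements that check as a POSIX shell function over constructed scope strings. The allow-lists are this editor's reading of the two read-only workflows, and the `fetch_*` helpers name the real sources of the strings in practice (GitHub's `X-OAuth-Scopes` response header for classic tokens, Google's `tokeninfo` endpoint); they need network access and are not called here.

```shell
#!/bin/sh
# Added example (not from the meeting-prep skill or SkillShield): refuse to run
# with a token whose scopes exceed what the workflow needs. Inputs below are
# constructed strings; see fetch_* for where they come from in practice.

# Allow-lists (this editor's assumption for the two read-only workflows).
# public_repo is left out because it permits writes; for private repositories
# use a fine-grained PAT with read-only Contents, which reports no
# X-OAuth-Scopes header and so must be reviewed in the GitHub UI instead.
GITHUB_ALLOWED="read:org read:user"
GOOGLE_ALLOWED="https://www.googleapis.com/auth/calendar.events.readonly https://www.googleapis.com/auth/calendar.calendarlist.readonly"

# check_scopes ALLOWED ACTUAL
#   ALLOWED: space-separated allow-list.
#   ACTUAL:  scopes reported by the provider, comma- or space-separated
#            (GitHub reports "repo, read:org"; Google uses space separation).
#   Returns 0 when every reported scope is on the allow-list, 1 otherwise,
#   printing the offending scopes. An empty ACTUAL passes (no privileges).
check_scopes() {
    allowed=$1
    actual=$(printf '%s' "$2" | tr ',' ' ')
    bad=""
    for scope in $actual; do
        ok=0
        for a in $allowed; do
            [ "$scope" = "$a" ] && ok=1
        done
        [ "$ok" -eq 1 ] || bad="$bad $scope"
    done
    if [ -n "$bad" ]; then
        printf 'over-privileged scopes:%s\n' "$bad"
        return 1
    fi
    return 0
}

# Where ACTUAL comes from in practice (network calls, not executed here).
# Classic GitHub tokens report their scopes on every API response header:
fetch_github_scopes() {
    curl -sSI -H "Authorization: token $1" https://api.github.com/user \
        | tr -d '\r' | grep -i '^x-oauth-scopes:' | cut -d' ' -f2-
}
# Google reports the scopes granted to an access token via tokeninfo:
fetch_google_scopes() {
    curl -sS "https://oauth2.googleapis.com/tokeninfo?access_token=$1" \
        | jq -r '.scope'
}

# Gate for the skill: stop before any API call if either token is too broad.
preflight() {
    check_scopes "$GITHUB_ALLOWED" "$1" && check_scopes "$GOOGLE_ALLOWED" "$2"
}

# Demo with constructed samples: these are the two scopes the report flagged.
if preflight "repo, read:org" "https://www.googleapis.com/auth/calendar"; then
    echo "tokens are within policy"
else
    echo "refusing to run: tokens over-privileged"
fi
```

Wiring `preflight "$(fetch_github_scopes "$GITHUB_TOKEN")" "$(fetch_google_scopes "$GOOGLE_TOKEN")"` at the top of the skill's workflow turns the two findings into a hard stop rather than a documentation note.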
Report: https://skillshield.io/report/2acaf860301ab1fb