Trust Assessment
mini-piv received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via unsanitized PROJECT_PATH in shell commands, Command Injection via unsanitized FEATURE_NAME in shell commands, and Prompt Injection in sub-agent instructions via unsanitized variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized PROJECT_PATH in shell commands. The `PROJECT_PATH` variable, derived from user arguments, is directly interpolated into shell commands (`ls`, `cd`). A malicious user could craft `PROJECT_PATH` to include arbitrary shell commands, leading to command injection. For example, setting `PROJECT_PATH` to `.; rm -rf /;` could execute `rm -rf /`. Sanitize `PROJECT_PATH` before using it in shell commands. Ensure it only contains valid path characters and does not contain shell metacharacters. Consider using a dedicated filesystem access tool or API that handles path sanitization, or explicitly quote/escape the variable in shell commands (e.g., `cd "$PROJECT_PATH"`). | LLM | SKILL.md:60 |
| CRITICAL | Command Injection via unsanitized FEATURE_NAME in shell commands. The `FEATURE_NAME` variable, derived from user arguments, is directly interpolated into a shell command (`grep`). A malicious user could craft `FEATURE_NAME` to include arbitrary shell commands, leading to command injection. For example, setting `FEATURE_NAME` to `"; rm -rf /; echo "` could execute `rm -rf /`. Sanitize `FEATURE_NAME` before using it in shell commands. Ensure it only contains valid filename characters and does not contain shell metacharacters. Explicitly quote/escape the variable in shell commands (e.g., `grep -i "mini-$FEATURE_NAME"`). | LLM | SKILL.md:60 |
| HIGH | Prompt Injection in sub-agent instructions via unsanitized variables. Variables such as `{PROJECT_PATH}`, `{FEATURE_NAME}`, `{SUMMARY}`, `{GAPS}`, and `{ERRORS}` are directly embedded into the prompts for spawned sub-agents. If these variables contain malicious instructions or prompt injection payloads (e.g., from user input or previous agent outputs), they could manipulate the behavior of the sub-agents, causing them to deviate from their intended tasks or perform unauthorized actions. Implement robust sanitization or escaping mechanisms for all variables interpolated into sub-agent prompts. Consider using structured data formats (e.g., JSON) for passing complex information to sub-agents, and instruct the sub-agents to parse these structures strictly rather than interpreting raw text. Explicitly define trust boundaries for data passed between agents. | LLM | SKILL.md:94 |