Trust Assessment
morning-briefing received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Unsanitized user input in heredoc leads to command injection, Unsanitized user input in LLM output leads to prompt injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user input in heredoc leads to command injection The script uses the first argument (`$1`) directly within a heredoc without proper sanitization. If `$1` contains shell metacharacters or command substitutions (e.g., `$(command)`), it will be executed when the heredoc is processed, leading to arbitrary command execution. Sanitize or quote the `$1` variable before using it in the heredoc. For example, use `printf %q` to properly escape the input if it's intended to be literal, or validate its content if it's expected to be a specific format (e.g., a date). | LLM | scripts/generate-briefing.sh:8 | |
| CRITICAL | Unsanitized environment variable in curl command leads to command injection The `notion_db` variable, derived from the `NOTION_TASKS_DB` environment variable, is used directly within a double-quoted string in a `curl` command. If `NOTION_TASKS_DB` contains shell metacharacters (e.g., `$(command)` or `; command`), it can lead to arbitrary command execution. Ensure the `NOTION_TASKS_DB` environment variable is validated and sanitized before use, or properly quote it to prevent shell expansion. For example, use `printf %q` to escape the variable if it's meant to be a literal string, or pass it as a separate argument to `curl` if the API supports it. | LLM | scripts/generate-briefing.sh:22 | |
| HIGH | Unsanitized user input in LLM output leads to prompt injection The script includes the first argument (`$1`) directly in the output that is intended for the host LLM. If `$1` contains malicious instructions or prompt injection attempts, these will be passed to the LLM, potentially manipulating its behavior or extracting sensitive information. Sanitize or validate the `$1` variable to ensure it only contains expected date formats or plain text, preventing arbitrary instructions from being passed to the LLM. Consider using a strict allowlist for input characters or encoding the output if it's not meant to be interpreted as natural language. | LLM | scripts/generate-briefing.sh:8 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/lucas-riverbi/morning-briefing/SKILL.md:1 | |
| INFO | Personal data (PII) processed by LLM The skill gathers personal reminders (via `remindctl`) and Notion tasks, which are then output to stdout for the host LLM (Clawdbot) to capture and use. This means sensitive personal information will be exposed to and processed by the LLM. Users should be aware of the privacy implications. Clearly inform users about the type of personal data being processed by the LLM. Implement data minimization techniques if possible, or offer options to redact sensitive information before it reaches the LLM. Ensure compliance with relevant privacy regulations. | LLM | scripts/generate-briefing.sh:13 |
Scan History
Embed Code
[](https://skillshield.io/report/085605f4220738fa)
Powered by SkillShield