Trust Assessment
morning-email-rollup received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include: sensitive environment variable access ($HOME); shell command injection via the email body in the Gemini prompt; unpinned external binary dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Shell command injection via email body in Gemini prompt: The `summarize_email` function constructs a prompt for the `gemini` CLI by directly embedding the `$body` variable (which contains the email's content) into a double-quoted string. If an attacker sends an email containing shell metacharacters or command substitutions (e.g., `$(evil_command)` or `` `evil_command` ``) in its body, these commands will be executed by the shell when the `gemini` command is invoked. This allows for arbitrary command execution on the host system with the privileges of the skill. The `$body` variable must be properly escaped to prevent shell expansion of its contents, or a safer method of passing the email body to the `gemini` CLI should be used. This could involve writing the body to a temporary file and passing the file path to `gemini` (if supported), or using a programming language that offers safer subprocess execution methods that do not perform shell expansion on arguments. | LLM | rollup.sh:69 |
| MEDIUM | Sensitive environment variable access: $HOME: Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/am-will/morning-email-rollup/rollup.sh:9 |
| MEDIUM | Unpinned external binary dependencies: The skill relies on external binaries (`gog`, `gemini`, `jq`) without specifying or pinning their versions. This introduces a supply chain risk where updates to these tools could introduce breaking changes, vulnerabilities, or malicious behavior that would automatically affect the skill without explicit review. While `date` is a standard system utility, `gog`, `gemini`, and `jq` are external dependencies. Specify exact versions for external binary dependencies in the manifest or provide clear instructions for users to install specific versions. If direct version pinning is not supported by the ecosystem, document the recommended versions and advise users to verify tool integrity before updating. | LLM | Manifest |