Trust Assessment
nano-triple received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via unsanitized user prompt in shell command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized user prompt in shell command The skill directly interpolates `[USER'S EXACT PROMPT]` into a `uv run` shell command without apparent sanitization or escaping. The instruction 'Use the user's EXACT prompt for all 3. Don't modify it, don't get creative.' reinforces that the user's input is used verbatim. A malicious user could craft a prompt containing shell commands (e.g., `a cat --filename "evil.sh" && rm -rf /`) to achieve arbitrary code execution on the host system, leading to data exfiltration, system compromise, or denial of service. Implement robust input sanitization and escaping for `[USER'S EXACT PROMPT]` before it is passed as an argument to the `uv run` command. Ideally, use a method that passes arguments directly to the Python script without shell interpretation (e.g., `subprocess.run` with `shell=False` and arguments as a list), or ensure the shell command is properly quoted and escaped for all possible user inputs using a function like `shlex.quote()` if constructing the command string. | LLM | SKILL.md:22 |
Scan History
Embed Code
[](https://skillshield.io/report/141714eed36ec082)
Powered by SkillShield