Trust Assessment
netlify received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unsanitized SITE_DIR leads to command injection via pushd, Unsanitized SITE_NAME or ACCOUNT_SLUG leads to command injection in netlify arguments, Unsanitized HUGO_VERSION allows injection into Netlify build environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized SITE_DIR leads to command injection via pushd The `SITE_DIR` variable (`$1`) in `scripts/netlify_monorepo_site.sh` is directly used in `pushd "$SITE_DIR"`. If `SITE_DIR` contains command substitution (e.g., `$(evil_command)`), the shell will execute `evil_command` before `pushd` attempts to change directory, leading to arbitrary command execution. Validate and sanitize `SITE_DIR` to ensure it's a safe path and does not contain shell metacharacters or command substitutions. Consider using `cd` with proper validation instead of `pushd` if `pushd` is not strictly necessary, or ensure the input is strictly a directory name. | LLM | scripts/netlify_monorepo_site.sh:19 | |
| HIGH | Unsanitized SITE_NAME or ACCOUNT_SLUG leads to command injection in netlify arguments The `SITE_NAME` (`$2`) and `ACCOUNT_SLUG` (`$3`) variables in `scripts/netlify_monorepo_site.sh` are directly interpolated into the `CREATE_ARGS` array and then passed to the `netlify` command. If these variables contain shell metacharacters or command substitutions (e.g., `my-site --token $(cat /etc/passwd)`), the shell will execute the embedded command before passing arguments to `netlify`, leading to arbitrary command execution. Validate and sanitize `SITE_NAME` and `ACCOUNT_SLUG` to ensure they only contain characters valid for Netlify site names and account slugs, and do not contain shell metacharacters or command substitutions. | LLM | scripts/netlify_monorepo_site.sh:30 | |
| MEDIUM | Unsanitized HUGO_VERSION allows injection into Netlify build environment variables The `HUGO_VERSION` variable (`$1`) in `scripts/hugo_netlify_toml.sh`, which is user-controlled, is directly written into `netlify.toml` as an environment variable (`[build.environment] HUGO_VERSION = "${HUGO_VERSION}"`). If a malicious string containing shell metacharacters or commands (e.g., `0.155.1; rm -rf /`) is injected, it could be executed by Netlify's build system if it evaluates environment variables in a shell context, leading to command injection during the build process. Validate `HUGO_VERSION` to ensure it adheres to a strict version format (e.g., semantic versioning) and does not contain any shell metacharacters. | LLM | scripts/hugo_netlify_toml.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/cccb10bbfcf2d7f1)
Powered by SkillShield