Trust Assessment
newsletter-generator received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Arbitrary File Write via --output argument in curate_content.py", "Potential Arbitrary File Write via --output argument in generate_newsletter.py", and "Potential SSRF/XXE vulnerability if feedparser is implemented".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Write via --output argument in curate_content.py.** The `scripts/curate_content.py` script allows users to specify an arbitrary output file path via the `--output` command-line argument. This enables an attacker to write curated content to any location on the filesystem where the script has write permissions, potentially overwriting critical system files or creating malicious files in sensitive directories. This is a direct command injection vulnerability. Restrict the `--output` argument to a specific, sandboxed directory (e.g., a `temp/` or `output/` folder within the skill's own directory). Validate the path to ensure it does not contain directory traversal sequences (e.g., `../`) and is not an absolute path outside the designated output directory. | LLM | scripts/curate_content.py:69 |
| HIGH | **Potential Arbitrary File Write via --output argument in generate_newsletter.py.** Although the full code for `scripts/generate_newsletter.py` is truncated, the `SKILL.md` examples clearly show the use of an `--output` argument (e.g., `python3 scripts/generate_newsletter.py --output newsletter.md`). Given the pattern in `curate_content.py` and the explicit parameter definition, it is highly probable that `generate_newsletter.py` also writes to a user-specified file path without proper validation, leading to the same arbitrary file write vulnerability as identified in `curate_content.py`. Restrict the `--output` argument to a specific, sandboxed directory (e.g., a `temp/` or `output/` folder within the skill's own directory). Validate the path to ensure it does not contain directory traversal sequences (e.g., `../`) and is not an absolute path outside the designated output directory. | LLM | scripts/generate_newsletter.py |
| MEDIUM | **Potential SSRF/XXE vulnerability if feedparser is implemented.** The `scripts/curate_content.py` script is designed to process RSS feeds from user-provided URLs (`--rss-feeds`). While currently mocked, the comments explicitly indicate an intention to use `feedparser` in production. If `feedparser` is used without proper sanitization or network restrictions, it could be vulnerable to Server-Side Request Forgery (SSRF) by fetching internal resources or XML External Entity (XXE) attacks if the RSS feed contains malicious XML entities, potentially leading to data exfiltration or denial of service. When implementing `feedparser` or any other URL fetching library: 1. Restrict network requests to external, public IPs. 2. Implement timeouts and size limits for fetched content. 3. Sanitize or disable DTD processing if using an XML parser directly. 4. Pin `feedparser` to a known secure version in `requirements.txt`. | LLM | scripts/curate_content.py:30 |
| LOW | **Unpinned dependencies for external libraries.** The skill implies the use of external libraries like `feedparser` (in `curate_content.py`). However, there is no `requirements.txt` or similar file provided to pin these dependencies to specific versions. This increases the risk of supply chain attacks if a malicious version of a dependency is published or if an unpatched vulnerability exists in a newer version. Create a `requirements.txt` or `pyproject.toml` file and pin all external dependencies to specific, known-good versions (e.g., `feedparser==6.0.1`). Regularly audit and update these dependencies. | LLM | scripts/curate_content.py:30 |