Trust Assessment
omnifocus received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The finding is Shell Command Injection via osascript arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Shell Command Injection via osascript arguments: The skill instructs the LLM to construct and execute shell commands using `osascript`. User-provided input (task names, notes, dates, search terms) is interpolated directly into the command arguments without shell escaping, so an attacker can inject arbitrary shell commands with input that breaks out of the intended argument string. For example, a task name of `My task"; rm -rf /; echo "` would cause `rm -rf /` to run on the host system. All user-provided arguments passed to `osascript` must be escaped for the shell; use a robust escaping mechanism (e.g., `shlex.quote` in Python, or equivalent functions in other languages) so that special characters in user input are treated as literal strings and cannot inject commands. | LLM | SKILL.md:19 |
Powered by SkillShield