Trust Assessment
opensysinfo-skill received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution via DISK_PATH argument, Python code injection or JSON structure manipulation via DISK_PATH in JSON output, JSON structure manipulation via DISK_PATH in printf JSON fallback.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via DISK_PATH argument The user-controlled `DISK_PATH` variable is directly interpolated into `df` commands without proper sanitization. This allows an attacker to inject shell metacharacters (e.g., `;`, `|`, `$(...)`) to execute arbitrary commands on the host system. Validate `DISK_PATH` to ensure it contains only valid path characters and does not include shell metacharacters. Alternatively, use a safer method to query disk usage that does not involve direct shell interpolation of user input, or explicitly escape the path for shell execution (e.g., using `printf %q`). | LLM | scripts/sysinfo.sh:84 | |
| HIGH | Python code injection or JSON structure manipulation via DISK_PATH in JSON output When generating JSON output using the Python interpreter (if available), the user-controlled `DISK_PATH` variable is directly interpolated into the Python script's string literals within a heredoc. If `DISK_PATH` contains double quotes or other Python string-breaking characters, it can lead to Python syntax errors, arbitrary Python code execution, or manipulation of the JSON structure. Use the `esc()` function (already defined in the script) to properly escape the `DISK_PATH` variable before interpolating it into the Python heredoc. A more robust solution would be to pass `DISK_PATH` as a command-line argument to the Python script and let Python handle its string representation. | LLM | scripts/sysinfo.sh:136 | |
| HIGH | JSON structure manipulation via DISK_PATH in printf JSON fallback When generating JSON output using the `printf` fallback (if Python is not available), the user-controlled `DISK_PATH` variable is directly inserted into the JSON string without escaping double quotes or backslashes. This allows an attacker to break the JSON structure, potentially leading to data exfiltration or misinterpretation by downstream systems. Apply the `esc()` function (already defined in the script) to the `DISK_PATH` variable before passing it to `printf` to ensure proper JSON string escaping. | LLM | scripts/sysinfo.sh:148 | |
| MEDIUM | Potential prompt injection via DISK_PATH in human-readable output The user-controlled `DISK_PATH` variable is directly echoed in the human-readable text output. If this output is subsequently fed to a Large Language Model (LLM), an attacker could craft `DISK_PATH` to include instructions that manipulate the LLM's behavior. Sanitize `DISK_PATH` to remove or escape characters that could be interpreted as LLM instructions or control characters, especially if the output is intended for LLM consumption. | LLM | scripts/sysinfo.sh:160 |
Scan History
Embed Code
[](https://skillshield.io/report/2eb9ffa71f8b239b)
Powered by SkillShield