Trust Assessment
paperpod received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Skill enables arbitrary shell command injection", "Skill grants broad file system read/write access", and "Skill grants broad browser automation and data scraping capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill enables arbitrary shell command injection.** The `paperpod` skill explicitly provides capabilities for executing arbitrary shell commands via `ppod exec <cmd>` (CLI) and `POST /execute` (HTTP API). An AI agent utilizing this skill, if compromised by a prompt injection, could be instructed to execute arbitrary and potentially malicious commands within its isolated sandbox. This represents a direct command injection vulnerability through the agent's interaction with the skill. Implement strict input validation and sanitization for any user-provided input that could be passed to `ppod exec` or the `/execute` endpoint. Consider limiting the set of allowed commands or requiring explicit user confirmation for any command execution, especially if the command originates from untrusted input. | LLM | SKILL.md:50 |
| HIGH | **Skill grants broad file system read/write access.** The `paperpod` skill allows agents to read and write files within its sandbox using commands such as `ppod read <path>`, `ppod write <path>`, `POST /files/read`, and `POST /files/write`. While the sandbox is isolated, a compromised agent could read sensitive files processed during its task or write malicious content, potentially leading to data exfiltration or integrity issues. Implement strict access controls and validation for file paths. Ensure agents only access files strictly necessary for their tasks. Consider requiring explicit user confirmation for file write operations, especially for critical paths or when content originates from untrusted sources. | LLM | SKILL.md:51 |
| HIGH | **Skill grants broad browser automation and data scraping capabilities.** The `paperpod` skill includes extensive browser automation features, such as `ppod browser:scrape <url> [sel]`, `ppod browser:screenshot`, and `ppod browser:pdf`. A compromised agent could be instructed to visit malicious websites, scrape sensitive information from web pages, or perform unauthorized actions on behalf of the user through the browser, leading to data exfiltration or privacy violations. Implement strict URL validation and allow-listing for browser automation. Require explicit user confirmation before navigating to external or untrusted URLs or performing scraping operations on sensitive sites. Limit the scope of data that can be scraped. | LLM | SKILL.md:63 |