Trust Assessment
paprika received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via External Binary Execution, Credential Exposure via Environment Variables, and Supply Chain Risk from Unverified CLI Tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via External Binary Execution. The skill is designed to execute an external binary (`paprika`) with arguments derived from user input. If the LLM does not properly sanitize or escape user-provided strings before constructing the shell command, a malicious user could inject arbitrary shell commands. For example, passing input like `"Recipe Name"; rm -rf /` could lead to severe system compromise if not handled correctly by the LLM's command generation logic. Ensure that all user-provided inputs passed as arguments to external binaries are rigorously sanitized and shell-escaped. Use a safe command execution mechanism that avoids direct shell interpretation of arguments, such as passing arguments as a list to `subprocess.run` (Python) or similar API in other languages, rather than constructing a single shell string. | LLM | SKILL.md:20 |
| MEDIUM | Credential Exposure via Environment Variables. The skill's setup instructions suggest storing sensitive credentials (email and password) directly as environment variables (`PAPRIKA_EMAIL`, `PAPRIKA_PASSWORD`). While common for CLI tools, this method can expose credentials to other processes on the system or to logs if not handled carefully. If the `paprika` binary itself is compromised or the LLM inadvertently exposes its environment, these credentials could be leaked. Recommend more secure methods for credential storage, such as using a dedicated secrets manager, an encrypted configuration file, or an interactive prompt that does not store credentials persistently in plain text environment variables. If environment variables must be used, emphasize strict access controls on the execution environment. | LLM | SKILL.md:15 |
| LOW | Supply Chain Risk from Unverified CLI Tool. The skill requires the installation of an external CLI tool (`paprika-recipe-cli`) via `npm install -g`. This introduces a supply chain risk, as the integrity and security of this third-party package cannot be guaranteed. A compromised or malicious package could execute arbitrary code during installation or runtime. Verify the authenticity and security of all third-party dependencies. Consider using package integrity checks (e.g., `npm audit`, checksums) and sourcing packages from trusted registries. Regularly review the dependency's codebase for vulnerabilities. | LLM | SKILL.md:10 |