Trust Assessment
pget received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized arguments, Potential Directory Traversal during tar extraction, and Excessive file system write permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via unsanitized arguments: The skill describes `pget` commands that take user-provided arguments such as `<url>`, `<dest>`, and `<manifest-path>`. If the LLM directly interpolates untrusted user input into these arguments without proper sanitization (e.g., escaping shell metacharacters), an attacker could inject arbitrary shell commands. For example, providing `'; rm -rf /'` as a destination could lead to arbitrary code execution on the host system. Implement robust input sanitization and validation for all user-provided arguments before constructing and executing shell commands. Use a safe command execution library that handles argument escaping, or explicitly quote/escape all user-controlled parts of the command. Consider using a dedicated API for file downloads rather than shelling out to `pget` directly. | LLM | SKILL.md:18 |
| HIGH | Potential Directory Traversal during tar extraction: The skill highlights the `-x` flag for `pget`, which extracts tar archives in-memory. If a malicious tar archive is downloaded and extracted, it could contain files with paths like `../../etc/passwd`, leading to directory traversal and overwriting arbitrary files on the system where the skill is executed. This is a specific form of file system manipulation that can lead to data corruption or privilege escalation. Ensure that `pget` (or the underlying tar extraction mechanism) is configured to prevent directory traversal by stripping leading `../` components from paths within the archive. Alternatively, perform tar extraction in a chrooted or sandboxed environment with restricted write access. | LLM | SKILL.md:29 |
| MEDIUM | Excessive file system write permissions: The `pget` skill allows downloading files to an arbitrary `<dest>` path and extracting tar archives, which implies writing files to the filesystem. If the skill is executed with broad write permissions, it could be used to overwrite critical system files, place malicious executables, or fill up disk space, even without explicit command injection. This broad write capability increases the blast radius of any successful exploit. Restrict the skill's execution environment to a sandboxed directory with minimal write permissions. Implement allow-listing for destination paths if possible, or at least prevent writing to sensitive system directories (e.g., `/etc`, `/usr/bin`). | LLM | SKILL.md:18 |