Trust Assessment
phone-calls received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include a hardcoded OpenAI API key, command injection via user-supplied arguments in `bland.sh`, and command injection via an external API response in `phone-call.sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via User-Supplied Arguments in bland.sh.** The `bland.sh` script directly uses user-supplied command-line arguments (e.g., `call_id`, `json_body`, `limit`) within double-quoted strings in `curl` commands. Bash performs command substitution (`$(...)`) and backtick substitution (`` `...` ``) even within double-quoted strings. This allows a malicious user to inject and execute arbitrary shell commands by providing specially crafted arguments. For example, `./bland.sh status "$(id)"` would execute the `id` command. Validate and sanitize all user-supplied arguments to remove or escape shell metacharacters, especially command substitution syntax (`$()`, `` ` ``), before using them in shell commands. For IDs and limits, ensure they are strictly alphanumeric or numeric. For JSON bodies, ensure they are valid JSON and do not contain shell metacharacters that could be interpreted by the shell. | LLM | bland.sh:59 |
| CRITICAL | **Command Injection via External API Response in phone-call.sh.** The `phone-call.sh` script retrieves a `CALL_ID` from the response of an external Bland AI API call. This `CALL_ID` is then directly used as an argument when executing `check-call.sh` (e.g., `"$SCRIPT_DIR/check-call.sh" "$CALL_ID" --json`). If the external Bland AI API is compromised or returns a specially crafted `call_id` containing shell command substitution (e.g., `$(evil_command)`), the `evil_command` would be executed on the system running `phone-call.sh`. This is a command injection vulnerability stemming from trusting external API output. The `CALL_ID` obtained from the external API response must be strictly validated and sanitized to ensure it does not contain shell metacharacters, especially command substitution syntax (`$()`, `` ` ``), before being passed as an argument to `check-call.sh`. Ensure `CALL_ID` is strictly alphanumeric or matches an expected ID format. | LLM | phone-call.sh:199 |
| HIGH | **Hardcoded OpenAI API Key detected.** A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/dru-ca/phone-calls-bland/SKILL.md:35 |
| HIGH | **Hardcoded OpenAI API Key detected.** A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/dru-ca/phone-calls-bland/SKILL.md:41 |