Trust Assessment
pi-orchestration received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 18 findings: 10 critical, 8 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Dangerous call: os.system().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings18
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:92 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:93 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:114 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:133 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:167 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:202 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:235 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:236 | |
| CRITICAL | Dangerous call: os.system() Call to 'os.system()' detected in function 'spawn'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:114 | |
| CRITICAL | Command Injection via 'task' argument in orchestrate.py The `spawn` command in `scripts/orchestrate.py` constructs a shell command using an f-string: `cmd = f'pi --provider {provider} --model {model_name} -p "{task}"'`. The `task` variable, which is user-controlled input, is directly embedded into this command string without proper sanitization or escaping. This allows an attacker to inject arbitrary shell commands by providing a `task` value containing shell metacharacters (e.g., `"; rm -rf /; echo "`). This injected command will be executed either via `tmux send-keys` (when `background` is true) or `os.system` (when `background` is false), leading to arbitrary code execution. 1. **Avoid `os.system()`**: Replace `os.system(cmd)` with `subprocess.run()` using `shell=False` and passing the command and arguments as a list (e.g., `subprocess.run(["pi", "--provider", provider, "--model", model_name, "-p", task], check=True)`). 2. **Escape `task` for `tmux send-keys`**: When constructing the `cmd` string for `tmux send-keys`, use `shlex.quote()` to properly escape the `task` argument to prevent shell metacharacter interpretation. For example: `cmd = f'pi --provider {provider} --model {model_name} -p {shlex.quote(task)}'`. | LLM | scripts/orchestrate.py:100 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'spawn'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:92 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'spawn'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:93 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'status'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:133 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'collect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:167 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'kill'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:202 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'parallel'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:235 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'parallel'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dbhurley/pi-orchestration/scripts/orchestrate.py:236 | |
| HIGH | Arbitrary file write via '--output' in 'collect' command The `collect` command in `scripts/orchestrate.py` allows a user to specify an `--output` file path. The script then writes the collected worker output directly to this path using `Path(output).write_text()`. An attacker could specify an arbitrary file path, potentially overwriting critical system files (e.g., `/etc/passwd`) or writing sensitive collected data to a location accessible to them, leading to data exfiltration or denial of service. 1. **Validate output path**: Restrict the `--output` path to a specific, sandboxed directory (e.g., a `results` subdirectory within the skill's data directory). 2. **Sanitize path**: Ensure the path does not contain directory traversal sequences (e.g., `../`). 3. **Confirm overwrite**: If writing to an existing file, prompt the user for confirmation before overwriting. | LLM | scripts/orchestrate.py:186 |
Scan History
Embed Code
[](https://skillshield.io/report/7ab990da9c5de9f6)
Powered by SkillShield