Trust Assessment
pitch-gen received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Direct user input used in LLM prompt, User-controlled output path allows arbitrary file write.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Direct user input used in LLM prompt: The 'idea' argument, which is direct user input from the command line, is interpolated into the LLM's user message without any sanitization or validation. An attacker can craft a malicious 'idea' string to perform prompt injection, overriding the system instructions, extracting sensitive information, or generating harmful content. Implement robust input sanitization and validation for the 'idea' argument. Consider using a separate, isolated LLM call for input validation, employing techniques such as prompt templating with strict variable substitution, or using a 'red-teaming' LLM to check for malicious input before passing it to the main LLM. For critical applications, consider using a separate LLM call to re-evaluate the user's intent after the initial prompt. | LLM | src/index.ts:9 |
| HIGH | User-controlled output path allows arbitrary file write: The '--output' option allows the user to specify an arbitrary file path for writing the generated pitch content. This can lead to path traversal, allowing an attacker to write to any location on the filesystem where the process has write permissions. This could overwrite critical system files, configuration files, or user data, leading to denial of service, data corruption, or potentially remote code execution if an executable file is overwritten or created in a sensitive location (e.g., a cron job, a startup script, or a web server's document root). Validate and sanitize the 'options.output' path. Restrict output to a specific, designated directory (e.g., a 'temp' folder or the user's home directory). Use 'path.resolve()' and 'path.normalize()' to prevent path traversal, and ensure the resolved path remains strictly within an allowed base directory. | LLM | src/cli.ts:15 |
| MEDIUM | Unpinned npm dependency version: Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/pitch-gen/package.json |
| INFO | OpenAI API key loaded from environment variables: The OpenAI client is initialized without explicitly providing an API key, so it will attempt to load 'OPENAI_API_KEY' from the environment. While this is standard practice for API key management, it means the skill requires access to this sensitive credential. If the skill were compromised (e.g., via prompt injection leading to data exfiltration through the LLM, or via command injection), this credential could be at risk. Ensure the environment where this skill runs has strict access controls for environment variables, and follow the principle of least privilege for the process running this skill. For production deployments, consider using cloud-native secret management solutions (e.g., AWS Secrets Manager, Azure Key Vault, GCP Secret Manager) instead of direct environment variables. | LLM | src/index.ts:3 |
Powered by SkillShield