Trust Assessment
pokemon received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via User Input The skill instructs the AI agent to construct shell commands by directly embedding user-provided input (e.g., 'name', 'id', 'query', 'type') into command strings. If the agent or the underlying 'pokemon' script does not properly sanitize or escape this input, a malicious user could inject arbitrary shell commands. For example, if a user provides input like 'charizard; rm -rf /', it could lead to unintended command execution. The AI agent must rigorously sanitize and escape all user-provided input before incorporating it into shell commands. Prefer using methods that pass arguments as an array (e.g., `subprocess.run` with `shell=False` in Python) rather than constructing a single shell string. If shell string construction is unavoidable, ensure robust escaping (e.g., using `printf %q` in bash) is applied to all user-controlled variables. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/ab0f27aeb20f4d8d)
Powered by SkillShield