Trust Assessment
prepare-pr received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized user input The skill instructs the agent to execute shell commands that incorporate user-provided input directly. Specifically, the `<PR>` placeholder, which represents a PR number or URL, is used in commands like `scripts/pr-prepare init <PR>`, `scripts/pr-prepare gates <PR>`, `scripts/pr-prepare push <PR>`, and `scripts/pr-prepare run <PR>`. If the agent does not strictly sanitize or validate this input before execution, an attacker could inject arbitrary shell commands (e.g., `123; rm -rf /`) leading to arbitrary code execution on the host system. The agent executing this skill must implement robust input validation and sanitization for all user-provided arguments, especially those passed to shell commands. For `<PR>`, this could involve validating it against a strict regex for PR numbers or URLs, and escaping all shell metacharacters before passing it to the `scripts/pr-prepare` commands. The skill author should explicitly document this requirement for the agent. | LLM | SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/1c7535689e89ca4f)
Powered by SkillShield