Trust Assessment
press-release-writing received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpermitted Shell Command for CLI Installation, Unpermitted Shell Command for Skill Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpermitted Shell Command for CLI Installation The skill includes a `curl | sh` command in its 'Quick Start' section. This command downloads and executes a script from `https://cli.inference.sh` directly into the shell. This constitutes arbitrary code execution from an unpinned remote source. The declared permissions for this skill are `Bash(infsh *)`, which only permits commands starting with `infsh`. The `curl | sh` command is a general shell command and is not covered by these declared permissions. If an LLM or user were to execute this instruction, it would bypass the intended permission scope and introduce a severe supply chain risk and potential command injection. Remove the `curl | sh` command from the skill. If CLI installation instructions are necessary, they should be provided in external documentation or a separate, explicitly permitted setup script. If `curl` and `sh` are truly required for the skill's functionality, the `allowed-tools` permission should be broadened to `Bash(*)` or `Bash(curl *, sh *)`, but this would significantly increase the skill's attack surface. | LLM | SKILL.md:8 | |
| HIGH | Unpermitted Shell Command for Skill Installation The skill includes `npx skills add` commands in its 'Related Skills' section. These commands use `npx` (Node.js package runner) to install other skills. The declared permissions for this skill are `Bash(infsh *)`, which only permits commands starting with `infsh`. The `npx` command is a general shell command and is not covered by these declared permissions. If an LLM or user were to execute this instruction, it would bypass the intended permission scope. While `npx` is often used for package management, its execution without explicit permission is a security concern. Remove the `npx skills add` commands from the skill. If related skills are necessary, they should be listed as dependencies or suggested for manual installation outside the skill's execution context. If `npx` is truly required for the skill's functionality, the `allowed-tools` permission should be broadened to `Bash(*)` or `Bash(npx *)`, but this would significantly increase the skill's attack surface. | LLM | SKILL.md:199 |
Scan History
Embed Code
[](https://skillshield.io/report/90c57d8e3db2124f)
Powered by SkillShield