Trust Assessment
prism-scanner received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via unsanitized user input in curl URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via unsanitized user input in curl URL The `TOKEN` variable, which directly receives user input, is unsafely interpolated into the URL path of `curl` commands within `scripts/scan.sh`. An attacker can inject shell metacharacters (e.g., `;`, `&`, `|`, `` ` ``) into the `TOKEN` argument, leading to arbitrary command execution on the host system. For example, providing `PEPE; rm -rf /` as the token could execute `rm -rf /`. The `TOKEN` variable must be properly sanitized or URL-encoded before being used in the `curl` command's URL path. For example, use a function to URL-encode the token or validate its content to ensure it only contains safe characters. If the API expects a path component, URL encoding is the most robust solution. Alternatively, if the API supports it, pass the token as a query parameter or in the request body using `--data-urlencode`. | LLM | scripts/scan.sh:11 |
Scan History
Embed Code
[](https://skillshield.io/report/88dd974699ddc404)
Powered by SkillShield