Trust Assessment
project-orchestrator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 4 high, 0 medium, and 0 low severity. Key findings include "Unsanitized input in scripts/context.sh leads to command injection", "Unsanitized input in scripts/plan.sh leads to command injection (URL paths)", and "Unsanitized input in scripts/plan.sh leads to command injection (JSON payload)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unsanitized input in scripts/context.sh leads to command injection.** The `TASK_ID` and `PLAN_ID` variables are directly interpolated into the `curl` command's URL path without proper sanitization. An attacker providing specially crafted input (e.g., containing shell metacharacters like `;`, `$(...)`, or backticks) for these arguments could execute arbitrary shell commands on the system running the script. Sanitize or properly escape user-supplied variables before interpolating them into shell commands or URLs. For URLs, URL-encode the path segments. For shell commands, use `printf %q` or ensure variables are quoted and do not contain shell metacharacters. Consider using a more robust HTTP client library that handles URL encoding automatically. | LLM | scripts/context.sh:24 |
| HIGH | **Unsanitized input in scripts/plan.sh leads to command injection (URL paths).** The `PLAN_ID` and `TASK_ID` variables are directly interpolated into `curl` command URLs without proper sanitization. An attacker providing specially crafted input (e.g., containing shell metacharacters like `;`, `$(...)`, or backticks) for these arguments could execute arbitrary shell commands on the system running the script. Sanitize or properly escape user-supplied variables before interpolating them into shell commands or URLs. For URLs, URL-encode the path segments. For shell commands, use `printf %q` or ensure variables are quoted and do not contain shell metacharacters. | LLM | scripts/plan.sh:20 |
| HIGH | **Unsanitized input in scripts/plan.sh leads to command injection (JSON payload).** The `TITLE`, `DESC`, and `RATIONALE` variables are directly interpolated into JSON strings within `curl -d` arguments without proper shell escaping. An attacker providing specially crafted input (e.g., containing `"` or `\` characters, or shell metacharacters like `$(...)`) could break the JSON structure, inject arbitrary shell commands, or manipulate the `curl` command itself. Use `jq -n --arg var "$VAR" '{"key": $var}'` or similar methods to safely construct JSON payloads from user input, ensuring proper escaping for both JSON and the shell. Alternatively, use a programming language with a robust JSON library. | LLM | scripts/plan.sh:45 |
| HIGH | **Unsanitized input in scripts/query.sh leads to command injection.** The `PLAN_ID`, `TASK_ID`, and `QUERY` variables are directly interpolated into `curl` command URLs without proper sanitization. An attacker providing specially crafted input (e.g., containing shell metacharacters like `;`, `$(...)`, or backticks) for these arguments could execute arbitrary shell commands on the system running the script. Sanitize or properly escape user-supplied variables before interpolating them into shell commands or URLs. For URLs, URL-encode the path segments. For shell commands, use `printf %q` or ensure variables are quoted and do not contain shell metacharacters. | LLM | scripts/query.sh:12 |