Trust Assessment
promotion-review received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Publicly accessible Cloudflare R2 upload, Potential command injection via `pdftotext` utility, Implicit credential usage for Cloudflare R2 upload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Publicly accessible Cloudflare R2 upload The skill offers an optional feature to upload HTML reports to Cloudflare R2, explicitly stating that "R2 链接公开可访问,有一定泄露风险". This means sensitive user data (promotion/review materials) could become publicly accessible if this option is used. While the skill warns the user, the capability itself poses a significant data exfiltration risk. Implement strict access controls on R2 buckets (e.g., private buckets with signed URLs for temporary access), or strongly advise against using this feature for highly sensitive data. Ensure user consent is explicit and informed about the public nature of the link. | LLM | SKILL.md:281 | |
| HIGH | Potential command injection via `pdftotext` utility The skill uses the `pdftotext` command-line utility to extract text from PDF files. If the filename or the content of the PDF (which might influence how `pdftotext` is invoked or processed) is not rigorously sanitized before being passed to the command, an attacker could craft a malicious PDF or filename to execute arbitrary shell commands on the host system. Ensure all inputs passed to `pdftotext` (especially filenames) are thoroughly sanitized and escaped. When executing external commands, use a safe subprocess execution method that avoids shell interpretation (e.g., `subprocess.run` with `shell=False` and passing arguments as a list) to prevent command injection. | LLM | SKILL.md:177 | |
| MEDIUM | Implicit credential usage for Cloudflare R2 upload The skill mentions uploading reports to Cloudflare R2. This operation typically requires API keys or other credentials for authentication. The `SKILL.md` does not specify how these credentials are handled, stored, or accessed. There is a risk that these credentials could be hardcoded, improperly stored, or exposed during the skill's execution, making them vulnerable to harvesting. Ensure all cloud credentials (e.g., R2 API keys) are stored securely (e.g., environment variables, secret management services) and never hardcoded within the skill's code. Access should follow the principle of least privilege, and credentials should be rotated regularly. | LLM | SKILL.md:280 |
Scan History
Embed Code
[](https://skillshield.io/report/f7bf3c915cac5498)
Powered by SkillShield