Trust Assessment
promptify received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential command execution via 'Task tool' and 'agents/ directory', Direct command injection via `pbcopy` in output step.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct command injection via `pbcopy` in output step The skill explicitly instructs the LLM to execute `echo 'PROMPT' | pbcopy` as part of its output process. If the `PROMPT` variable, which is derived from user input and optimization, contains shell metacharacters or commands, this could lead to arbitrary command execution on the host system. For example, if `PROMPT` contains `'$(rm -rf /)'`, the `pbcopy` command would execute `rm -rf /`. Avoid direct shell command execution with potentially untrusted input. Instead of `pbcopy`, use a secure API or method provided by the environment to copy text to the clipboard. If shell execution is unavoidable, ensure robust sanitization and escaping of the `PROMPT` variable to prevent injection of shell metacharacters. | LLM | SKILL.md:62 | |
| HIGH | Potential command execution via 'Task tool' and 'agents/ directory' The skill instructs the LLM to 'Run in parallel via Task tool (agents/ directory)'. This implies the LLM can invoke an external tool and access a specific directory. If the 'Task tool' allows arbitrary command execution or if the 'agents/ directory' can be manipulated by untrusted input, this could lead to command injection or unauthorized file access/execution. The specific nature of the 'Task tool' and the scope of 'agents/ directory' access are not defined, posing a significant risk. Define and restrict the capabilities of the 'Task tool'. Ensure that access to the 'agents/ directory' is read-only or strictly controlled, and that any agents loaded from it are vetted and sandboxed. Prevent untrusted input from influencing the arguments passed to the 'Task tool' or the specific agent loaded. | LLM | SKILL.md:27 |
Scan History
Embed Code
[](https://skillshield.io/report/f4ee513222e923cc)
Powered by SkillShield