Trust Assessment
pubmed-edirect received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unverified External Installation Script, Command Injection via Unsanitized PMID Input, Command Injection via Unsanitized Query and Output File.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized PMID Input The `batch_fetch_abstracts.sh` script directly uses the `$pmid` variable, read line-by-line from a user-provided input file, within an `efetch` command without proper sanitization. An attacker could craft the `pmids.txt` file to include shell metacharacters (e.g., `123; rm -rf /`) which would then be executed by the shell, leading to arbitrary command injection. Sanitize the `$pmid` variable to ensure it only contains valid PMID formats (e.g., numeric values) before passing it to `efetch`. Use a whitelist approach or escape shell metacharacters. For example, use `printf %q` or ensure the input is strictly numeric. | LLM | scripts/batch_fetch_abstracts.sh:30 | |
| CRITICAL | Command Injection via Unsanitized Query and Output File The `publication_trends.sh` script directly uses the `$QUERY` variable (from `$1`) in `esearch -query "$QUERY"` and the `$OUTPUT_FILE` variable (from `$4`) in file redirection (`> "$OUTPUT_FILE"`) without proper sanitization. An attacker could inject shell metacharacters into the query string or craft a malicious output filename, leading to arbitrary command execution or file manipulation. Sanitize the `$QUERY` variable to escape shell metacharacters before passing it to `esearch`. For `$OUTPUT_FILE`, validate the filename to prevent path traversal or shell injection. Consider using `mktemp` for temporary files or strictly whitelisting allowed characters for filenames. | LLM | scripts/publication_trends.sh:29 | |
| CRITICAL | Command Injection via Unsanitized Query and Output File The `search_export_csv.sh` script directly uses the `$QUERY` variable (from `$1`) in `esearch -db pubmed -query "$QUERY"` and the `$OUTPUT_FILE` variable (from `$3`) in file redirection (`> "$OUTPUT_FILE"` and `>> "$OUTPUT_FILE"`) without proper sanitization. An attacker could inject shell metacharacters into the query string or craft a malicious output filename, leading to arbitrary command execution or file manipulation. Sanitize the `$QUERY` variable to escape shell metacharacters before passing it to `esearch`. For `$OUTPUT_FILE`, validate the filename to prevent path traversal or shell injection. Consider using `mktemp` for temporary files or strictly whitelisting allowed characters for filenames. | LLM | scripts/search_export_csv.sh:25 | |
| MEDIUM | Unverified External Installation Script The skill's manifest specifies an installation script (`install-edirect.sh`) to be fetched and executed directly from an external URL. While the source appears official (ftp.ncbi.nlm.nih.gov), executing unverified external scripts introduces a supply chain risk. A compromise of the source server or the script itself could lead to arbitrary code execution during skill installation. Consider vendoring the installation script or providing a hash to verify its integrity before execution. Alternatively, instruct users to manually review and execute the script. | LLM | Manifest |
Scan History
Embed Code
[](https://skillshield.io/report/39697b620ae80d2a)
Powered by SkillShield