Trust Assessment
qmd received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include: Sensitive environment variable access ($HOME); Potential Command Injection via `qmd` arguments; Unpinned dependency in installation command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `qmd` arguments | The skill describes executing `qmd` commands with arguments that can originate from user input (e.g., search queries, file paths). If an AI agent constructs these shell commands without proper sanitization of user-provided strings, a malicious user could inject arbitrary shell commands. For example, passing `"query; rm -rf /"` as a search query to `qmd search` could lead to unintended system modifications. The skill definition does not provide guidance on sanitizing user input. AI agents should rigorously sanitize all user-provided input before incorporating it into shell commands. Consider using a library that safely escapes shell arguments, or executing the `qmd` binary directly with an array of arguments instead of a single shell string. The `qmd` tool itself should also validate and sanitize its inputs. | LLM | SKILL.md:67 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/lifecoacher/qmd-skill-2/SKILL.md:23 |
| MEDIUM | Unpinned dependency in installation command | The skill's installation command `bun install -g https://github.com/tobi/qmd` pulls the latest version from the `tobi/qmd` GitHub repository's default branch. If the upstream repository is compromised, a malicious version of `qmd` could be installed without explicit user or agent approval, leading to a supply chain attack. The command lacks version pinning for security and reproducibility. Pin the dependency to a specific version, commit hash, or release tag, for example `bun install -g https://github.com/tobi/qmd#v1.2.3` or `bun install -g https://github.com/tobi/qmd#<commit_hash>`. This ensures deterministic installations and reduces the risk of unexpected malicious updates. | LLM | SKILL.md:47 |
Full report: https://skillshield.io/report/d4d53cadd6cda3b2