Trust Assessment
qto-report received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary File Write via Unsanitized Output Path, Arbitrary File Read via Unsanitized Input Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Write via Unsanitized Output Path The `export_qto_report` function constructs output file paths using f-strings like `f"{base_name}.xlsx"`, `f"{base_name}.csv"`, and `f"{base_name}.json"`. If the `base_name` parameter is derived from untrusted user input and is not properly sanitized, an attacker could inject path traversal sequences (e.g., `../../../../tmp/malicious`) to write files to arbitrary locations on the file system. This could lead to data corruption, denial of service (by overwriting critical system files), or potentially remote code execution if specific system files are targeted. Implement strict input validation and sanitization for the `base_name` parameter to prevent path traversal. Ensure that `base_name` only contains valid filename characters and does not include directory separators (e.g., `/`, `\`, `..`). Alternatively, ensure that the skill's execution environment strictly sandboxes file write operations to a designated, isolated directory, preventing writes outside of it. | LLM | SKILL.md:270 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/qto-report/SKILL.md:1 | |
| MEDIUM | Arbitrary File Read via Unsanitized Input Path Functions like `apply_excel_rules` (which uses `pd.read_excel`) and `extract_qto_from_ifc` (which uses `ifcopenshell.open`) accept file paths as parameters (`rules_path`, `ifc_path`). If these parameters are derived from untrusted user input and are not properly sanitized, an attacker could inject path traversal sequences (e.g., `../../../../etc/passwd`) to read arbitrary files on the file system. This could lead to information disclosure, allowing an attacker to access sensitive data that the skill's execution environment has permissions to read. Implement strict input validation and sanitization for file path parameters (`rules_path`, `ifc_path`) to prevent path traversal. Ensure that these paths refer only to files within an allowed, sandboxed directory that is explicitly designated for user input files. | LLM | SKILL.md:200 |
Scan History
Embed Code
[](https://skillshield.io/report/a221faa6749f002f)
Powered by SkillShield