Trust Assessment
resume-optimizer received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 4 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.check_call(), Command Injection via subprocess.check_call for package installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/tomstools11/resume-optimizer/scripts/generate_resume_pdf.py:21 | |
| HIGH | Dangerous call: subprocess.check_call() Call to 'subprocess.check_call()' detected in function '<module>'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/tomstools11/resume-optimizer/scripts/generate_resume_pdf.py:21 | |
| HIGH | Command Injection via subprocess.check_call for package installation The skill's Python script attempts to install the 'reportlab' package using `subprocess.check_call`. While the package name is hardcoded, executing `pip install` via `subprocess` is a powerful primitive that allows arbitrary command execution if an attacker could influence the arguments or the environment. The `--break-system-packages` flag further escalates this risk by allowing modifications to system-wide Python installations, indicating excessive permissions. Avoid using `subprocess.check_call` for package installation within a skill. Ensure all necessary dependencies are pre-installed in the execution environment. If dynamic installation is absolutely required, use a safer, sandboxed method or a package manager API that does not involve shell execution. Remove `--break-system-packages` if not strictly necessary. | LLM | scripts/generate_resume_pdf.py:20 | |
| HIGH | Arbitrary File Read via --input argument The `generate_resume_pdf.py` script accepts an `--input` argument of type `Path` to specify the JSON resume data file. The script then reads the content of this file using `input_file.read_text()`. An attacker controlling the `--input` argument could specify an arbitrary file path on the system, allowing the skill to read the content of any file accessible to the process. This poses a significant data exfiltration risk. Restrict the `--input` argument to a safe, sandboxed directory (e.g., `/mnt/user-data/inputs/`). Implement strict validation to ensure the provided path is within the allowed directory and does not contain path traversal sequences (e.g., `../`). | LLM | scripts/generate_resume_pdf.py:300 | |
| HIGH | Arbitrary File Write via --output argument The `generate_resume_pdf.py` script accepts an `--output` argument of type `Path` to specify the output PDF file. The script then writes the generated PDF to this path. An attacker controlling the `--output` argument could specify an arbitrary writable file path on the system, potentially overwriting sensitive files or writing malicious content to unexpected locations. While the `SKILL.md` instructs saving to `/mnt/user-data/outputs/`, the script itself does not enforce this restriction. Restrict the `--output` argument to a safe, sandboxed directory (e.g., `/mnt/user-data/outputs/`). Implement strict validation to ensure the provided path is within the allowed directory and does not contain path traversal sequences (e.g., `../`). | LLM | scripts/generate_resume_pdf.py:303 |
Scan History
Embed Code
[](https://skillshield.io/report/bfbe64307e79fd64)
Powered by SkillShield