Trust Assessment
sag received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized user input The skill defines a shell command template that includes a placeholder for dynamic content ('Your message here'). If the host LLM directly interpolates untrusted user input into this placeholder without proper shell escaping, it could lead to command injection. An attacker could craft malicious input (e.g., `"Hello"; rm -rf /`) to execute arbitrary commands on the system where the 'sag' binary is run. The host LLM must ensure that any user-provided input used in shell commands is properly sanitized and shell-escaped before execution. Alternatively, if the 'sag' tool supports reading input from stdin or a file, that method should be preferred to avoid direct command line argument injection. | LLM | SKILL.md:46 |
Scan History
Embed Code
[](https://skillshield.io/report/8d9c114b791c5f5b)
Powered by SkillShield