Trust Assessment
seekdb-docs received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Potential Command Injection via `grep` instruction" and "Command Injection in update script via `SKILL.md` manifest version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection in update script via `SKILL.md` manifest version.** The `scripts/update_docs.sh` script extracts the `version` from the `SKILL.md` manifest (which is treated as untrusted content). This extracted `VERSION` is then used directly as the `--branch` argument in a `git clone` command. If a malicious `SKILL.md` is provided (e.g., as part of a compromised skill package), the `version` field could be crafted to contain shell metacharacters (e.g., `V1.1.0"$(malicious_command)"`), leading to arbitrary command execution when the script runs. When extracting values from untrusted configuration files for use in shell commands, ensure robust sanitization or validation. For branch names, validate against a strict regex (e.g., `^[a-zA-Z0-9._-]+$`). Avoid direct interpolation of untrusted strings into shell commands. | LLM | scripts/update_docs.sh:15 |
| HIGH | **Potential Command Injection via `grep` instruction.** The skill explicitly instructs the agent to use a `grep` command with a user-provided `keyword`. If the agent directly interpolates untrusted user input into the `keyword` argument without proper sanitization or escaping, it could lead to command injection. An attacker could craft a `keyword` containing shell metacharacters (e.g., `'; rm -rf /'`) to execute arbitrary commands on the host system. The agent's implementation of the `grep` tool must sanitize or escape user-provided input before passing it to an underlying shell command. Alternatively, use a programmatic search function that does not rely on shell execution. | LLM | SKILL.md:69 |