Trust Assessment
self-improvement received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Execution of unverified external shell scripts, Reliance on unprovided and unverified external scripts and assets, Logging of sensitive operational data to version-controlled files.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Execution of unverified external shell scripts.** The skill explicitly instructs the agent to execute external shell scripts (`activator.sh`, `error-detector.sh`, `extract-skill.sh`) via `command` hooks and direct calls. The content of these scripts is not provided within the skill package context. If these scripts process untrusted input (e.g., from logged errors, user prompts, or skill names for `extract-skill.sh`) without proper sanitization, they could be vulnerable to command injection, allowing an attacker to execute arbitrary commands on the host system. *Recommendation:* Provide the source code for all external scripts (`activator.sh`, `error-detector.sh`, `extract-skill.sh`) within the skill package for security review. Ensure these scripts sanitize all inputs and use safe execution methods (e.g., `subprocess.run` with `shell=False` in Python) to prevent command injection. | LLM | SKILL.md:246 |
| HIGH | **Reliance on unprovided and unverified external scripts and assets.** The skill relies on external shell scripts (`activator.sh`, `error-detector.sh`, `extract-skill.sh`) and templates from an `assets/` directory. The content of these components is not included in the provided skill package context. This introduces a significant supply chain risk, as the security and integrity of the entire skill depend on these unverified external files. If these files are malicious, compromised, or contain vulnerabilities, they could lead to command injection, data exfiltration, or other security issues when executed by the agent. *Recommendation:* Include all external scripts and assets directly within the skill package. All such components must undergo thorough security review to ensure they are free of vulnerabilities and malicious code and adhere to secure coding practices. | LLM | SKILL.md:71 |
| MEDIUM | **Logging of sensitive operational data to version-controlled files.** The skill instructs the agent to log detailed operational context, including "Input or parameters used", "Environment details", and "Actual error message or output", to markdown files within the `.learnings/` directory. The skill also suggests tracking these `.learnings/` files in a Git repository ("Track learnings in repo (team-wide): Don't add to .gitignore"). This practice creates a significant risk of inadvertently exfiltrating sensitive data (e.g., API keys, credentials, PII, confidential project details) if such information is present in the agent's operational context and logged without redaction. Once committed to a repository, especially a public one, this data becomes permanently exposed. *Recommendation:* Implement strict redaction or sanitization rules for any data logged to `.learnings/` files, especially for "Input or parameters used" and "Environment details". Explicitly warn against logging sensitive information. Reconsider the recommendation to track `.learnings/` in a repository, or at least enforce strict `.gitignore` rules for sensitive patterns. | LLM | SKILL.md:110 |
| MEDIUM | **Broad file system write and arbitrary command execution permissions.** The skill's functionality requires the agent to have broad file system write permissions (e.g., creating the `.learnings/` directory, appending to various markdown files, creating new skill directories and `SKILL.md` files) and the ability to execute arbitrary shell scripts. While these permissions are necessary for the skill's intended operation, they represent an excessive permission scope. A compromised agent or a malicious skill leveraging this framework could abuse these permissions to write malicious code, modify critical project files, or execute arbitrary commands on the host system, leading to significant security breaches. *Recommendation:* Implement a robust sandboxing mechanism for agent execution environments to restrict file system access and command execution capabilities to the absolute minimum required. Review and tighten the scope of directories where the agent can write. Ensure that any scripts executed operate with the least privilege necessary. | LLM | SKILL.md:68 |