Trust Assessment
self-reflection received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via 'log' command arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via 'log' command arguments The `self-reflection log` command accepts three user-provided string arguments (`<tag>`, `<miss>`, `<fix>`). If these arguments are not properly sanitized or escaped before being used in an underlying shell command or script, an attacker could inject arbitrary shell commands. For example, providing a value like `"; rm -rf /tmp; echo "` for `<miss>` could lead to execution of `rm -rf /tmp`. This is a common vulnerability pattern for skills that accept user input and interact with the shell or filesystem, especially given the manifest's requirement for `jq`, which is often used in shell scripting. Implement robust input sanitization and escaping for all arguments passed to the `self-reflection log` command. When constructing shell commands, use parameterized execution or ensure all user-provided strings are properly quoted and escaped to prevent them from being interpreted as commands. For example, use `shlex.quote()` in Python or similar functions in other languages to properly escape shell arguments. | LLM | SKILL.md:29 |
Scan History
Embed Code
[](https://skillshield.io/report/7ecace2830a71c85)
Powered by SkillShield