Trust Assessment
sheetsmith received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Command Injection via pandas.DataFrame.query() with 'python' engine.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crimsondevil333333/sheetsmith/tests/test_sheetsmith.py:14 | |
| CRITICAL | Command Injection via pandas.DataFrame.query() with 'python' engine The `filter` command takes a user-supplied `--query` argument which is directly passed to `pandas.DataFrame.query()` with `engine='python'`. This allows arbitrary Python code execution within the context of the running script. An attacker can inject malicious Python code into the query string, leading to full system compromise. Avoid using `engine='python'` with `pandas.DataFrame.query()` when the query string is derived from untrusted user input. Consider using `engine='numexpr'` for safer, albeit more limited, expression evaluation, or implement a robust input validation and sanitization mechanism to ensure only safe expressions are executed. If complex logic is required, implement it directly in Python code rather than relying on user-supplied strings. | LLM | scripts/sheetsmith.py:126 | |
| CRITICAL | Command Injection via pandas.DataFrame.eval() with 'python' engine The `transform` command takes user-supplied `--expr` arguments which are directly passed to `pandas.DataFrame.eval()` with `engine='python'`. This allows arbitrary Python code execution within the context of the running script. An attacker can inject malicious Python code into the expression string, leading to full system compromise. Avoid using `engine='python'` with `pandas.DataFrame.eval()` when the expression string is derived from untrusted user input. Consider using `engine='numexpr'` for safer, albeit more limited, expression evaluation, or implement a robust input validation and sanitization mechanism to ensure only safe expressions are executed. If complex logic is required, implement it directly in Python code rather than relying on user-supplied strings. | LLM | scripts/sheetsmith.py:135 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_cli'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/crimsondevil333333/sheetsmith/tests/test_sheetsmith.py:14 |
Scan History
Embed Code
[](https://skillshield.io/report/26b1d718f9db8437)
Powered by SkillShield