Trust Assessment
skylight received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include: hidden network beacons / undisclosed telemetry; sensitive environment variable access ($USER); command injection via unsanitized environment variables in shell commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Hidden network beacons / undisclosed telemetry: command output is piped through base64 encoding. Recommendation: remove undisclosed network calls and telemetry; all outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/riyadchowdhury/skylight-skill/SKILL.md:46 |
| HIGH | Command injection via unsanitized environment variables in shell commands: the skill's bash snippets directly interpolate environment variables such as `SKYLIGHT_URL` and `SKYLIGHT_FRAME_ID` into `curl` commands without sanitization. If an attacker can control these environment variables (e.g., through a malicious prompt or environment configuration), they could inject arbitrary shell commands, leading to remote code execution. For example, if `SKYLIGHT_URL` is set to `http://example.com; rm -rf /; #`, the `rm -rf /` command would be executed. Recommendation: strictly validate and sanitize all environment variables used in shell commands, apply proper URL encoding to URLs and path components, and prefer a dedicated HTTP client library in a language like Python, which handles argument passing more securely than direct shell interpolation. | LLM | SKILL.md:27 |
| MEDIUM | Sensitive environment variable access: `$USER`. Access to the sensitive environment variable `$USER` was detected in a shell context. Recommendation: verify this access is necessary and that the value is not exfiltrated. | Static | skills/riyadchowdhury/skylight-skill/SKILL.md:46 |
| MEDIUM | Credential harvesting risk via configurable API endpoint: the skill handles sensitive user credentials (`SKYLIGHT_EMAIL`, `SKYLIGHT_PASSWORD`) for authentication and uses a configurable `SKYLIGHT_URL`. While this is the intended functionality, if `SKYLIGHT_URL` is maliciously configured by an attacker, the skill would send the user's credentials to an attacker-controlled server. Recommendation: emphasize in the skill's documentation the importance of verifying the `SKYLIGHT_URL` environment variable; if possible, restrict `SKYLIGHT_URL` to a whitelist of known, trusted domains; for sensitive credentials, consider the platform's secure credential storage mechanisms rather than plain environment variables. | LLM | SKILL.md:27 |
Full report: https://skillshield.io/report/52d461c33c324c22
Powered by SkillShield