Trust Assessment
stripe received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 0 medium, and 1 low severity. Key findings include Command Injection via Arbitrary SQL Execution, Data Exfiltration via Arbitrary SQL Queries, and Hardcoded Database Credentials in Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Arbitrary SQL Execution.** The skill's instructions in `SKILL.md` explicitly direct the LLM to execute arbitrary SQL queries using `./query.sh "SQL_QUERY"`. The `query.sh` script then passes this SQL directly to `psql -c "$SQL"`. This design allows an attacker to inject `psql` meta-commands (e.g., `\! <shell_command>`) or SQL statements that can execute shell commands, leading to arbitrary command execution on the host system. This is a severe vulnerability as it bypasses intended security boundaries. **Recommendation:** Do not allow direct execution of arbitrary SQL queries from untrusted input. Instead, provide a limited set of parameterized SQL functions or a safe API that restricts operations to read-only and predefined queries. If arbitrary queries are strictly necessary, implement a robust allowlist for SQL commands and sanitize all user input to prevent `psql` meta-commands or shell escapes. | LLM | SKILL.md:2 |
| CRITICAL | **Data Exfiltration via Arbitrary SQL Queries.** The skill allows the execution of arbitrary SQL queries against a PostgreSQL database containing sensitive Stripe customer and billing data. An attacker can exploit the `./query.sh` mechanism by crafting malicious SQL queries (e.g., using `SELECT` statements to retrieve sensitive data or `\copy` meta-command to write data to files) to extract confidential information from the database. This poses a significant risk of sensitive data exposure. **Recommendation:** Restrict database access to only necessary, predefined, and parameterized queries. Implement strict access controls and ensure the database user has the minimum required privileges (e.g., read-only access to specific tables). Avoid exposing raw SQL query capabilities to untrusted input. | LLM | SKILL.md:2 |
| LOW | **Hardcoded Database Credentials in Script.** The `query.sh` script contains hardcoded placeholders for PostgreSQL database credentials (`PGHOST`, `PGUSER`, `PGPASSWORD`). While currently placeholders, this pattern is a security risk as it encourages embedding sensitive information directly into scripts. If actual credentials were to replace these placeholders without proper secret management, they could be exposed if the script or repository is compromised. The `export PGPASSWORD` command also makes the password available in the environment of child processes, which could be a risk if other processes are compromised. **Recommendation:** Use a secure secret management system (e.g., environment variables loaded securely, a dedicated secrets store) to handle database credentials. Avoid hardcoding sensitive information directly into scripts. Ensure that the database user has the principle of least privilege applied. | LLM | query.sh:6 |