Trust Assessment
strykr-prism received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via unescaped arguments in `prism.sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via unescaped arguments in `prism.sh` | LLM | scripts/prism.sh:9 |

The `scripts/prism.sh` script directly interpolates user-provided arguments (`$2`) into `curl` commands without proper escaping. This allows an attacker to inject arbitrary shell commands using command substitution (e.g., `$(id)` or backticks), which the shell executes before the `curl` command is invoked. This vulnerability affects all commands that use `$2` within double-quoted strings, including `resolve`, `resolve-nl`, `venues`, `price`, `stock`, `analyze`, `copycat`, `holders`, `funding`, `oi`, and `wallet`.

User-provided arguments must be properly sanitized and escaped before being used in shell commands. For shell scripts, this often involves using `printf %q` to quote arguments for safe use, or carefully escaping special characters like backticks, dollar signs, and double quotes. A more robust solution would be to implement the skill in a language like Python, which offers safer methods for building HTTP requests and handling user input.
Scan History
Powered by SkillShield