Trust Assessment
sveltekit-webapp received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Potential Command Injection via `exec` and Sub-Agent Input" and "Broad Tool Permissions Required for Skill Operation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via `exec` and Sub-Agent Input.** The skill explicitly requires the `exec` tool and instructs the execution of various shell commands (e.g., `npm i -g`, `pnpx sv create`, `pnpm install`, `git`, `vercel`, `drizzle-kit`). Furthermore, the skill uses `sessions_spawn` to delegate tasks to sub-agents, passing user story details (`title`, `description`) and `project_path`. If these user-provided or derived strings are directly interpolated into shell commands without robust sanitization by the agent or sub-agents, it could lead to arbitrary command execution. While the `safety_notes` mention user approval for commands, this relies on the user's ability to scrutinize complex shell commands for malicious payloads, which is often impractical. Implement robust input sanitization and escaping for all user-provided or derived strings before they are used in shell commands. Ensure that the agent's `exec` wrapper provides a secure way to pass arguments, preventing shell metacharacter interpretation. The `sessions_spawn` mechanism should explicitly define how parameters are passed to sub-agents and ensure sub-agents also sanitize inputs before command execution. | LLM | SKILL.md:1 |
| MEDIUM | **Broad Tool Permissions Required for Skill Operation.** The skill requires `exec`, `Write`, and `Edit` tools. The `exec` tool grants the ability to run arbitrary shell commands, and `Write`/`Edit` tools allow modification of any file within the agent's workspace. While these permissions are necessary for the skill's stated purpose of scaffolding and deploying web applications, they are inherently broad and could be misused if the agent's logic is compromised or if user input is maliciously crafted. The `safety_notes` mention user approval for commands, which is a mitigation, but the underlying permissions remain extensive. Ensure that the agent's execution environment strictly sandboxes the skill's operations to the intended project directory. Implement fine-grained access controls where possible, limiting `Write`/`Edit` operations to specific file types or directories relevant to the project. Continuously review the necessity of broad `exec` calls and explore alternatives like dedicated APIs or more constrained execution environments if available. | LLM | SKILL.md:1 |