Trust Assessment
table-image-generator received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Command Injection via Unquoted Arguments, Arbitrary File Read via --data-file, --input, and --avatar.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Unquoted Arguments The skill's Node.js scripts (`table.mjs`, `discord-wrap.mjs`) are designed to be executed via shell commands. Arguments like `--data`, `--data-file`, `--output`, `--input`, `--avatar`, `--message`, `--title`, `--columns`, `--headers`, `--header-color`, `--align` are parsed directly from `process.argv`. If the host LLM constructs the shell command without properly quoting user-provided values for these arguments, an attacker could inject arbitrary shell commands. The `SKILL.md` explicitly warns about 'shell quoting errors', indicating this is a known vulnerability surface. The host LLM must ensure all user-provided arguments passed to the skill's command-line interface are properly shell-quoted to prevent command injection. For example, using `shlex.quote()` in Python or similar mechanisms in other languages. The skill itself could also implement more robust argument parsing that is less susceptible to shell injection, though proper quoting by the caller is the primary defense. | LLM | SKILL.md:26 | |
| HIGH | Arbitrary File Read via --data-file, --input, and --avatar The `table.mjs` script uses `readFileSync(next, 'utf8')` to read data from a file specified by the `--data-file` argument. Similarly, `discord-wrap.mjs` uses `sharp(opts.input)` and `sharp(opts.avatarPath)` to read image files specified by `--input` and `--avatar`. If an attacker can control these file paths, they can instruct the skill to read arbitrary files from the filesystem (e.g., `/etc/passwd`, `/app/secrets.txt`). Even if the files are not valid JSON or images, their content is read into memory, posing a significant data exfiltration risk. Restrict the `--data-file`, `--input`, and `--avatar` arguments to only accept file paths within a designated, non-sensitive data directory. Implement strict path validation to prevent directory traversal attacks (e.g., `../`). Consider using a sandboxed environment or virtual filesystem if arbitrary file access is required for legitimate use cases. | LLM | scripts/table.mjs:26 | |
| HIGH | Arbitrary File Write via --output Both `table.mjs` and `discord-wrap.mjs` use `writeFileSync(opts.output, ...)` to save the generated image to a path specified by the `--output` argument. If an attacker can control this path, they could overwrite or create arbitrary files on the filesystem (e.g., `/etc/nginx/nginx.conf`, `/root/.ssh/authorized_keys`) with the generated image data, potentially leading to denial of service, privilege escalation, or other system compromises. Restrict the `--output` argument to only allow writing files within a designated, non-sensitive output directory. Implement strict path validation to prevent directory traversal attacks (e.g., `../`). Ensure the skill runs with minimal necessary write permissions. | LLM | scripts/table.mjs:169 | |
| MEDIUM | Unpinned npm dependency version Dependency 'sharp' is not pinned to an exact version ('^0.33.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/dannyshmueli/table-image-generator/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/93d0656e06ee7070)
Powered by SkillShield