Trust Assessment
task-decomposer received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Direct shell command execution via `npx`, Installation of unverified skills from arbitrary repositories.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Installation of unverified skills from arbitrary repositories The skill's core workflow involves instructing the agent to install skills using `npx skills add <owner/repo@skill>`. This command allows the agent to fetch and install code from any specified GitHub repository (or similar source implied by `owner/repo`). There is no described mechanism for verifying the security, authenticity, or integrity of these external skills before installation and potential execution. This creates a critical supply chain vulnerability, as a malicious skill could be introduced into the agent's environment, leading to arbitrary code execution, data exfiltration, or other malicious activities. Implement a strict whitelist or curated registry for approved skills. Before installation, perform automated security scans, code reviews, and integrity checks (e.g., cryptographic signatures). Isolate skill execution in a sandboxed environment with minimal permissions. Do not allow installation of arbitrary skills from unverified repositories. | LLM | SKILL.md:120 | |
| HIGH | Direct shell command execution via `npx` The skill explicitly instructs the agent to execute shell commands using `npx` (e.g., `npx skills find`, `npx skills init`). This allows for arbitrary command execution if the arguments to `npx` are not properly sanitized or if the `skills` CLI itself has vulnerabilities. This provides a direct vector for command injection. Avoid direct execution of shell commands based on untrusted input. If shell execution is necessary, use a sandboxed environment and strictly validate/sanitize all inputs. Consider using a dedicated tool invocation mechanism instead of raw shell commands. | LLM | SKILL.md:108 |
Scan History
Embed Code
[](https://skillshield.io/report/0d0fcba1aa528dab)
Powered by SkillShield