Trust Assessment
template-engine received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Excessive Permissions: 'code_execution' and 'computer' tools declared, Potential Server-Side Template Injection (SSTI) with Jinja2, Unpinned Dependencies in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Excessive Permissions: 'code_execution' and 'computer' tools declared. The skill's manifest declares highly privileged tools, specifically 'code_execution' and 'computer'. While 'file_operations' is expected for a templating skill, 'code_execution' and 'computer' grant the LLM the ability to execute arbitrary code or shell commands. This poses a significant risk for command injection, data exfiltration, or system compromise if the LLM is prompted to misuse these capabilities. Re-evaluate the necessity of 'code_execution' and 'computer' tools. If the skill's core functionality can be achieved without them, they should be removed. If they are truly necessary, implement strict input validation and sandboxing for any code execution, and ensure the LLM's prompts are carefully designed to prevent misuse. | LLM | SKILL.md |
| HIGH | Potential Server-Side Template Injection (SSTI) with Jinja2. The skill explicitly uses Jinja2-based templating, as indicated by the 'Template Syntax (Jinja2-based)' section and the use of `docxtpl` (which leverages Jinja2). If untrusted user input is used to define the template content itself, or if the data dictionary passed to the template engine's `render` method contains malicious objects, an attacker could potentially execute arbitrary code or access sensitive data through crafted Jinja2 expressions. Implement strict sanitization and validation for all user-provided template content and data passed to the template engine. Consider sandboxing the Jinja2 environment if untrusted templates are processed. Ensure that the `data` dictionary only contains safe, primitive types or explicitly allowed objects, and avoid passing potentially dangerous objects (like `os` or `subprocess`) into the template context. | LLM | SKILL.md:30 |
| LOW | Unpinned Dependencies in Installation Instructions. The installation instructions suggest installing Python packages (`pip install python-docx openpyxl python-pptx reportlab jinja2`) without specifying exact version numbers. This practice can lead to non-deterministic builds and potential security vulnerabilities if a new version of a dependency introduces breaking changes or a known exploit. While this is an instruction for setup, it reflects a potential lack of dependency management rigor. Always pin dependencies to specific versions (e.g., `package==1.2.3`) or use a lock file (e.g., `requirements.txt` generated with `pip freeze > requirements.txt`) to ensure reproducible and secure environments. This helps prevent unexpected behavior and mitigates risks from new vulnerabilities in unverified package versions. | LLM | SKILL.md:109 |