Trust Assessment
timesheet received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Potential Command Injection via User-Controlled Arguments"; "Potential Command Injection via Piped Commands and jq"; and "Excessive Permissions: File Write Capability".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via User-Controlled Arguments.** The skill's documentation demonstrates patterns for executing the 'timesheet' CLI with arguments that are likely to be derived from user input (e.g., project names, task descriptions, IDs). If these user-provided strings are directly interpolated into shell commands without proper sanitization or escaping, an attacker could inject arbitrary shell commands. This is a critical vulnerability for any skill that wraps CLI tools. Implement robust input sanitization and shell escaping for all user-provided arguments before constructing and executing shell commands. When using Python's `subprocess` module, prefer passing arguments as a list to `subprocess.run(..., shell=False)` to avoid shell interpretation. | LLM | SKILL.md:69 |
| HIGH | **Potential Command Injection via Piped Commands and jq.** The skill documentation includes an example of piping the output of 'timesheet projects list' to 'jq' for filtering. If the filter string (e.g., 'ProjectName' in the example) is derived from user input and not properly sanitized, it could lead to command injection within the 'jq' command or the shell pipeline itself, allowing for arbitrary code execution. Avoid constructing shell pipelines with user-controlled components. If filtering is necessary, retrieve the JSON output from 'timesheet projects list' and perform filtering programmatically within the agent's code, rather than relying on external tools like 'jq' with user-controlled arguments. | LLM | SKILL.md:158 |
| MEDIUM | **Excessive Permissions: File Write Capability.** The 'timesheet' CLI, as documented, allows exporting reports to files (e.g., XLSX, CSV). This means the skill, when executed by the agent, has the capability to write files to the local filesystem. While this is a legitimate feature of the 'timesheet' tool, it represents a broad permission that could be abused if combined with other vulnerabilities (e.g., command injection) to write malicious files or exfiltrate data to accessible locations. If file export is necessary, restrict the directories where the skill can write files to a secure, temporary, and isolated location. Validate and sanitize any user-provided file paths to prevent directory traversal. Consider if data can be returned directly to the user or processed in memory instead of written to disk. | LLM | SKILL.md:128 |
| MEDIUM | **Supply Chain Risk: Unpinned External Binary Dependency.** The skill's manifest declares a dependency on the 'timesheet' binary (`"bins": ["timesheet"]`) without specifying a version or any integrity checks (like checksums). This means the skill will execute whatever 'timesheet' binary is found in the system's PATH. If a malicious or compromised version of 'timesheet' is installed on the host system (e.g., through typosquatting, a compromised package repository, or a supply chain attack on the 'timesheet' project itself), the agent would unknowingly execute it, potentially leading to arbitrary code execution or data compromise. If possible, specify a minimum required version for the 'timesheet' binary in the manifest. Implement integrity checks (e.g., checksum verification) if the binary is distributed with the skill or can be reliably sourced. Advise users to install 'timesheet' from trusted sources and keep it updated. Consider sandboxing the execution environment for external binaries. | LLM | Manifest |