Trust Assessment
todo-tracker received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User Input to Shell Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via User Input to Shell Script The skill explicitly defines commands that execute a `bash` script (`skills/todo-tracker/scripts/todo.sh`) with user-provided arguments, such as `<item>` and `<item-pattern>`. If the `todo.sh` script does not properly sanitize or quote these arguments before using them in shell commands, an attacker could inject arbitrary shell commands. This could lead to remote code execution, data exfiltration, or unauthorized system modifications within the agent's execution environment. The `todo.sh` script must rigorously sanitize and properly quote all user-provided inputs before incorporating them into shell commands. Implement robust input validation and use safe methods for passing arguments, such as `printf %q` for quoting in bash, or ensuring arguments are passed as distinct parameters to commands that handle them securely, rather than direct string interpolation. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/7bcedfbe8efdd5d8)
Powered by SkillShield