Trust Assessment
transcript received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 6 critical, 1 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Command Injection via unsanitized user input in shell commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:467 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:468 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:472 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:473 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:581 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcript/scripts/tapi-auth.js:688 | |
| HIGH | Command Injection via unsanitized user input in shell commands The `SKILL.md` instructs the LLM to construct and execute shell commands (`node` and `curl`) that incorporate user-provided values (e.g., `USER_EMAIL`, `TOKEN_FROM_STEP_1`, `CODE`, `VIDEO_URL`). If the LLM or the underlying agent directly interpolates these user inputs into a shell command string without proper escaping or sanitization, a malicious user could inject arbitrary shell commands. For example, providing an email like `foo@example.com; rm -rf /` or a video URL like `https://youtube.com/watch?v=ID" -o /tmp/output.txt; rm -rf /` could lead to arbitrary code execution on the host system. The agent responsible for executing these commands must implement robust shell escaping for all user-provided variables before constructing and executing the final command string. Alternatively, use libraries or APIs that handle command execution securely by passing arguments as a list rather than a single string, or by validating inputs against expected formats. | LLM | SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/42ae264f44e1fdd5)
Powered by SkillShield