Trust Assessment
travel-concierge received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User-Provided URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via User-Provided URL The skill instructs the host LLM to execute a shell command `travel-concierge find-contact "<url>"` where `<url>` is directly derived from user input. If the user provides a specially crafted string (e.g., `"; rm -rf /"` or `$(evil_command)`), and the LLM does not robustly sanitize or quote the input before passing it to the shell, this could lead to arbitrary command execution on the host system. Even with quotes, certain shell environments or tool implementations might still be vulnerable if not handled carefully. The LLM should strictly sanitize and validate user input before incorporating it into shell commands. Ideally, use a dedicated API or library function for URL parsing and validation, and pass the URL as a distinct argument to the `travel-concierge` tool, rather than embedding it directly into a shell string. If shell execution is unavoidable, ensure robust escaping/quoting of user input (e.g., using `shlex.quote` in Python or similar mechanisms). The `travel-concierge` tool itself should also validate its input. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/29c69b2b7be88359)
Powered by SkillShield