Trust Assessment
trimet received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via User Input The skill is designed to execute the `trimet` binary, as indicated by `metadata.clawdbot.requires.bins`. The `SKILL.md` provides numerous examples where user-provided input (e.g., stop IDs, locations like 'Pioneer Square', times like '5:30 PM') is directly incorporated into shell commands. If the LLM generating these commands does not properly sanitize or quote user input before execution, a malicious user could inject arbitrary shell commands. For instance, providing input like `8383; rm -rf /` for a stop ID could lead to arbitrary code execution. The LLM responsible for generating `trimet` commands must strictly sanitize and properly quote all user-provided arguments before passing them to the shell. Implement robust input validation and use shell-safe quoting mechanisms (e.g., `shlex.quote` in Python) to prevent command injection. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/7667b516f46ac50e)
Powered by SkillShield