Trust Assessment
vibe-ship received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Unsanitized shell command execution with dynamic input, Public repository creation with broad file inclusion, Use of unpinned dependency version for project initialization.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized shell command execution with dynamic input The skill instructs the LLM to execute shell commands using dynamic placeholders like `[name]` and `[project-dir]`. If these placeholders are populated with unsanitized user input or LLM-generated values, it could lead to command injection, allowing arbitrary shell commands to be executed. Examples include `npx create-next-app@latest [name]`, `cd [project-dir]`, and `gh repo create [name] --public --push`. The LLM should be instructed to sanitize or validate any dynamic input used in shell commands to prevent injection. For example, by escaping shell metacharacters or strictly validating the format of `[name]` and `[project-dir]`. | LLM | SKILL.md:50 | |
| HIGH | Public repository creation with broad file inclusion The skill instructs the LLM to initialize a Git repository, add all current files (`git add .`), and then create a *public* GitHub repository (`gh repo create [name] --public --push`). This process risks exfiltrating sensitive data if the project directory contains files with secrets (e.g., `.env` files, temporary configuration, or logs) that are not properly excluded by a `.gitignore` file or if the LLM generates such files during the development process. While the skill advises against hardcoding secrets, the broad `git add .` combined with a public push creates a significant exfiltration vector. Instruct the LLM to ensure a robust `.gitignore` file is present and correctly configured to exclude sensitive files (like `.env`, build artifacts, logs) *before* `git add .` is executed. Alternatively, instruct the LLM to use `git add -A` with a specific list of files/directories to include, rather than `git add .`. Consider defaulting to private repositories unless explicitly requested by the user. | LLM | SKILL.md:78 | |
| LOW | Use of unpinned dependency version for project initialization The skill instructs the LLM to use `npx create-next-app@latest` for project initialization. Relying on the `@latest` tag means the exact version of `create-next-app` is not pinned. While `create-next-app` is a trusted package, using unpinned dependencies can introduce unexpected breaking changes or, in a worst-case scenario, a compromised version if the `latest` tag is hijacked, leading to supply chain vulnerabilities. Instruct the LLM to use a specific, pinned version of `create-next-app` (e.g., `npx create-next-app@14.1.0`) instead of `@latest` to ensure reproducibility and mitigate risks from unexpected updates or compromised versions. | LLM | SKILL.md:50 |
Scan History
Embed Code
[](https://skillshield.io/report/425aa38956f03104)
Powered by SkillShield