Trust Assessment
war-room received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection in init_war_room.sh via project name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection in init_war_room.sh via project name The `init_war_room.sh` script constructs file paths using the user-provided project name (`$1`). If the project name contains shell command substitutions (e.g., `$(evil_command)`), these commands will be executed by the shell when the script attempts to create or write to files using `cat > "$DIR/FILENAME"`. This allows an attacker to execute arbitrary commands on the host system with the privileges of the user running the script. Sanitize the `PROJECT` variable to remove or escape shell metacharacters, or strictly validate its format (e.g., allow only alphanumeric characters and hyphens). For example, use `PROJECT=$(basename "$PROJECT")` to strip path components and then validate characters. Ensure all variable expansions used in file paths are properly quoted and do not allow command substitution. | LLM | scripts/init_war_room.sh:27 |
Scan History
Embed Code
[](https://skillshield.io/report/587c16def15b43ba)
Powered by SkillShield