Trust Assessment
weather received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. The one finding is "Untrusted shell commands present in skill documentation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Untrusted shell commands present in skill documentation. The `SKILL.md` file, which is treated as untrusted input, contains multiple `bash` code blocks with shell commands. If the host LLM or an automated system were to directly execute these commands from the untrusted documentation, it could lead to command injection. While the current `curl` commands are benign and target public weather services, this pattern represents a potential vulnerability if the content were to contain malicious commands. The presence of executable code in untrusted input requires careful handling to prevent unintended execution. Ensure that any processing of untrusted skill documentation explicitly prevents the direct execution of code blocks. The LLM should be instructed to understand and generate code based on these examples, not to execute them directly. Implement strict sandboxing for any code execution originating from untrusted sources. | LLM | SKILL.md:8 |