Trust Assessment
workspace-review received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Sensitive environment variable access: $HOME", "Command Injection via unsanitized argument in shell script", and "Potential data exfiltration: Script searches for API key patterns".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unsanitized argument in shell script.** The `scripts/workspace-status.sh` script defines the `WORKSPACE` variable using the first command-line argument (`$1`) without proper sanitization. This variable is then used in a `cd "$WORKSPACE"` command. If an attacker can control the value of `$1` and inject shell metacharacters or command substitutions (e.g., `$(evil_command)`), arbitrary commands could be executed on the host system. While the variable is quoted, command substitutions are expanded by the shell before the `cd` command is invoked, leading to potential arbitrary code execution. Implement robust input validation for the `$1` argument. Ensure it is a safe, absolute path and does not contain any shell metacharacters or command substitutions. Consider using `realpath` and checking against allowed directories, or explicitly disallowing special characters. If the script is only for internal use with trusted paths, ensure the agent is never instructed to pass untrusted input to it. | LLM | scripts/workspace-status.sh:5 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ortegarod/workspace-review/scripts/workspace-status.sh:5 |
| LOW | **Potential data exfiltration: Script searches for API key patterns.** The `scripts/workspace-status.sh` script contains a `grep` command (`grep -r -l "sk-" --include="*.md" .`) that actively searches for patterns indicative of API keys (e.g., 'sk-') within `.md` files in the workspace. While the script itself only outputs a warning message indicating the *presence* of a potential key and does not print the key's value, the act of identifying and reporting the existence of such sensitive patterns could lead to indirect data exfiltration if the agent's output or logs are compromised or if the agent is subsequently prompted to retrieve the contents of the identified files. Ensure that the agent's output and logging mechanisms are secure and do not inadvertently expose sensitive information identified by this check. If the agent is instructed to act on this warning, ensure it does so securely (e.g., by prompting the user for confirmation before accessing or modifying the file, or by redacting sensitive information). | LLM | scripts/workspace-status.sh:68 |