Trust Assessment
x-articles received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Unsanitized environment variable in shell command", "Arbitrary file upload via browser automation", and "Broad browser automation capabilities with logged-in session".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unsanitized environment variable in shell command.** The `publish-article.sh` script uses the `$CDP_PORT` environment variable directly in `agent-browser` commands without proper sanitization or quoting. A malicious value for `CDP_PORT` (e.g., `18800; rm -rf /`) could lead to arbitrary command execution on the host system. Ensure that environment variables used in shell commands are properly sanitized or quoted to prevent command injection. For numeric values like ports, validate them as integers. If the variable is intended to be a single argument, it should be quoted: `agent-browser --cdp "$CDP_PORT" ...`. | LLM | scripts/publish-article.sh:36 |
| HIGH | **Arbitrary file upload via browser automation.** The `publish-article.sh` script uses `agent-browser` to upload a user-specified file (`$COVER_IMAGE`) to a web form on X.com. If an attacker can manipulate the `$COVER_IMAGE` argument (e.g., through a prompt injection to the LLM calling this script, or by exploiting other vulnerabilities), they could cause the skill to upload arbitrary local files to an external service. Implement strict validation and sanitization for file paths provided as input. Consider restricting file uploads to specific directories or file types. If the LLM is responsible for providing the path, ensure the LLM's output is constrained and validated. | LLM | scripts/publish-article.sh:60 |
| MEDIUM | **Broad browser automation capabilities with logged-in session.** The `publish-article.sh` script leverages `agent-browser` to perform extensive browser automation, including navigation, element interaction, file uploads, and arbitrary JavaScript execution (`evaluate`). This operates on a prerequisite of a 'Logged into X on the browser' session, granting the skill full control over the user's X.com account and potentially other browser activities. While intended, this broad access poses a significant risk if the skill or its inputs are compromised. Clearly document the security implications of running browser automation with a logged-in session. Consider implementing stricter sandboxing for browser automation or limiting the scope of `agent-browser` commands if possible. For `evaluate`, ensure the JavaScript executed is minimal and strictly controlled. | LLM | scripts/publish-article.sh:100 |
| LOW | **Unpinned CLI dependency.** The `skill.json` manifest declares `agent-browser` as a CLI dependency without specifying a version. This means that any version of `agent-browser` could be installed, potentially introducing breaking changes, vulnerabilities, or unexpected behavior in future updates. Pin CLI dependencies to specific versions or version ranges (e.g., `"agent-browser@1.2.3"` or `"agent-browser@^1.0.0"`) to ensure deterministic and secure installations. | LLM | skill.json:14 |