Trust Assessment
x-trends received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection in `twurl` arguments, Data Exfiltration Risk via Malicious `twurl` Commands, Unpinned `twurl` gem dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection in `twurl` arguments: The skill demonstrates executing `twurl` commands where parts of the URL query string (e.g., `query=%23YourHashtag`) are likely to be constructed from user input. If the LLM directly interpolates untrusted user input into these parameters without proper shell escaping, an attacker could inject arbitrary shell commands. For example, if `YourHashtag` contains shell metacharacters like `$(malicious_command)`, it could lead to arbitrary code execution on the host system. Implement robust input sanitization and shell escaping for all user-provided parameters before constructing and executing shell commands. Use a safe command execution library or function that handles argument separation properly, rather than string concatenation. For example, pass arguments as a list to `subprocess.run` in Python. | LLM | SKILL.md:54 |
| HIGH | Data Exfiltration Risk via Malicious `twurl` Commands: The `twurl` tool is authorized with the user's Twitter API credentials. If a command injection vulnerability (as described in SS-LLM-003) is exploited, an attacker could craft `twurl` commands to make arbitrary API calls to Twitter. This could lead to the exfiltration of sensitive user data accessible via the Twitter API (e.g., private tweets, direct messages if permissions allow, or account details) to an attacker-controlled endpoint or by displaying it to the user in a way that can be captured. Prevent command injection by strictly validating and sanitizing all user inputs. Ensure that `twurl` commands are constructed using safe methods that prevent arbitrary URL or parameter manipulation. Consider limiting the scope of API keys if possible, or using a proxy that filters requests. | LLM | SKILL.md:54 |
| MEDIUM | Unpinned `twurl` gem dependency: The skill's manifest specifies `twurl` as a required gem, and the setup instructions suggest `gem install twurl`. However, no specific version is pinned. This means that `gem install twurl` will always fetch the latest version available. If a malicious update to the `twurl` gem is published, or if the gem's repository is compromised, users installing this skill could unknowingly install compromised software. Pin the `twurl` gem dependency to a specific, known-good version in the manifest (e.g., `"package": "twurl", "version": "x.y.z"`) and update the installation instructions accordingly. Regularly review and update pinned versions to incorporate security patches. | LLM | SKILL.md:11 |
Powered by SkillShield