Trust Assessment
yahoo-finance received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Unpinned npm dependency in installation", "Privileged symbolic link created during installation" and "Potential command injection via `yf` CLI arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 69/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential command injection via `yf` CLI arguments.** `SKILL.md` documents the `yf` CLI, which takes arguments such as `<module>`, `<symbol>` and `[queryOptions]`. If the AI agent builds a shell command string by interpolating untrusted user input into these arguments without validation or shell escaping, an attacker-controlled value such as `AAPL; rm -rf /` is parsed by the shell as a second command and runs on the host. This is a common vulnerability pattern when an LLM drives shell commands from user input. The agent's implementation must validate every user-provided argument against a strict allowlist (a ticker symbol has a small, well-defined character set) and should invoke `yf` with an argument array rather than a shell string, so the shell never interprets the values; shell escaping alone is a weaker fallback. | LLM | SKILL.md:24 |
| MEDIUM | **Unpinned npm dependency in installation.** The installation manifest runs `npm install yahoo-finance2` without a version. Each install therefore resolves to whatever version is current, so a malicious or compromised release of `yahoo-finance2` would be pulled in and its install-time lifecycle scripts executed during skill setup. Pin the dependency to a specific, known-good version (e.g. `npm install yahoo-finance2@1.2.3`; the version shown is illustrative) so installations are deterministic and reviewable. | LLM | SKILL.md |
| MEDIUM | **Potential command injection via `jq` filters.** The documentation shows `yf` output piped into `jq` for filtering. If the filter string is built from untrusted user input, it can be manipulated. `jq` is a JSON processor rather than a shell, so the filter itself cannot spawn commands, but a hostile filter can still consume unbounded CPU or memory, or disclose data the user should not see, since builtins such as `env` expose the process environment. If the filter is interpolated into the same shell pipeline as `yf`, the shell-quoting problem from the HIGH finding applies to it as well. The implementation should select from pre-defined `jq` filters by name rather than accept filter text from the user, or use a safe parsing library if dynamic filtering is genuinely required. | LLM | SKILL.md:25 |
| LOW | **Privileged symbolic link created during installation.** The installation manifest includes `ln -sf $(npm bin -g)/yahoo-finance /usr/local/bin/yf`. Creating a symbolic link in `/usr/local/bin` typically requires elevated privileges (e.g. `sudo`). While common for CLI tools, this gives the installation process write access to a system-wide binary path, which becomes an escalation path if the `yahoo-finance2` package itself is compromised (related to SS-SCL-001). Note also that the `npm bin` subcommand was removed in npm 9, so on a current npm the substitution yields an empty string and the link is created pointing at `/yahoo-finance`. Evaluate whether `/usr/local/bin` is strictly necessary; prefer a user-specific `bin` directory (e.g. `~/.local/bin`) or otherwise run the installation with the minimum privileges it needs. | LLM | SKILL.md |
Full report: https://skillshield.io/report/651900ed58cbd434