Trust Assessment
youtube-playlist received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 6 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Persistence / self-modification instructions" and "Potential Command Injection via unsanitized user input in shell commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:467 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:468 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:472 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:473 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:581 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-playlist/scripts/tapi-auth.js:688 |
| HIGH | Potential Command Injection via unsanitized user input in shell commands: the skill's documentation (`SKILL.md`) provides templates for shell commands (`node` and `curl`) that incorporate user-provided inputs (e.g., `USER_EMAIL`, `TOKEN_FROM_STEP_1`, `CODE`, `PL_PLAYLIST_ID`, `VIDEO_ID`). If the LLM agent directly interpolates unsanitized user input into these shell commands without proper escaping or sanitization, a malicious user could inject arbitrary shell commands. For example, providing `foo@bar.com; rm -rf /` as an email could lead to arbitrary code execution if not handled correctly by the agent. Remediation: the LLM agent must sanitize or properly escape all user-provided inputs before constructing and executing shell commands. For `node` arguments, ensure proper quoting or use a safe execution mechanism. For `curl` URL parameters, ensure they are URL-encoded and the entire command is constructed to prevent shell metacharacter interpretation. | LLM | SKILL.md:17 |
[SkillShield report](https://skillshield.io/report/d554b8c64d61e9f4)