Trust Assessment
zoho received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 1 medium, and 2 low severity. Key findings include Unsanitized argument leads to shell command injection, Broad OAuth scopes requested for Zoho APIs, API keys and tokens exposed in command-line arguments and stdout.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 59/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized argument leads to shell command injection The `scripts/standup-summarizer.sh` script takes a `--date` argument which is directly used in `date -d "${TARGET_DATE} 00:00:00"`. An attacker can inject arbitrary shell commands by providing a malicious string to the `--date` argument (e.g., `2023-01-01; rm -rf /`), leading to remote code execution. Implement strict input validation for the `TARGET_DATE` argument using a regular expression to ensure it strictly matches the expected `YYYY-MM-DD` format before it is used in any shell command. | LLM | scripts/standup-summarizer.sh:37 | |
| MEDIUM | Broad OAuth scopes requested for Zoho APIs The skill's `SKILL.md` recommends requesting `ZohoCRM.modules.ALL` and `ZohoProjects.projects.ALL` scopes during OAuth setup. These scopes grant full read and write access to all CRM modules and project data, respectively. While the documentation mentions that fewer scopes can be requested, the default recommendation promotes a principle of maximum privilege rather than least privilege, increasing the potential impact in case of a credential compromise. Strongly advise users to follow the principle of least privilege by requesting only the minimum necessary OAuth scopes required for their specific use cases. Provide examples of more granular scopes for common tasks. | LLM | SKILL.md:40 | |
| LOW | API keys and tokens exposed in command-line arguments and stdout The `SKILL.md` instructs users to use `zoho token` which prints the access token to stdout. Additionally, the `scripts/standup-summarizer.sh` script uses `GEMINI_API_KEY` directly in the URL query parameters of `curl` commands. While common, passing sensitive API keys in command-line arguments or printing them to stdout can expose them in process lists, shell history, or logs, making them vulnerable to harvesting or exfiltration by other processes or users on the same system. For `zoho token`, advise users to be cautious about where and how they use this command, especially in automated scripts or shared environments. For `GEMINI_API_KEY`, if the API supports it, prefer passing the key in an `Authorization` header or via a secure environment variable that is not directly embedded in the command string, to minimize exposure. | LLM | SKILL.md:18 | |
| LOW | Reliance on unmanaged external system dependencies The `scripts/standup-summarizer.sh` script relies on several external system utilities such as `ffmpeg`, `jq`, `curl`, `date`, and `stat`. There is no explicit dependency management or version pinning for these tools. This introduces a supply chain risk where the skill's functionality and security could be affected by changes, vulnerabilities, or unexpected behavior in these unmanaged system-level dependencies. Document all external system dependencies and their required versions. Consider using a containerized environment or a dependency management system (if applicable for shell scripts, e.g., by checking for specific versions at runtime) to ensure a consistent and secure execution environment. | LLM | scripts/standup-summarizer.sh:1 |
Scan History
Embed Code
[](https://skillshield.io/report/f14980c49eae69f4)
Powered by SkillShield