Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-shard-doc
github.com/PabloLION/bmad-plugin
Trust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-shard-doc received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via User-Provided Paths, Unpinned Third-Party Dependency in `npx` Command, and Broad File System Write/Delete Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via User-Provided Paths: The skill executes an `npx` command using user-provided `[source-document]` and `[destination-folder]` paths. If these inputs are not properly sanitized or escaped before being passed to the shell, a malicious user could inject arbitrary shell commands (e.g., `my_doc.md; rm -rf /`), leading to remote code execution. Implement robust input sanitization and escaping for all user-provided paths before constructing and executing shell commands. Consider using a safer API for file operations if available, or explicitly passing arguments to the `npx` command in a way that prevents shell interpretation. | LLM | SKILL.md:40 |
| HIGH | Unpinned Third-Party Dependency in `npx` Command: The skill executes `npx @kayvan/markdown-tree-parser` without specifying a version. This means the latest version of the package will always be downloaded and executed. A malicious update to this package by its maintainers, or a compromise of the npm registry, could introduce vulnerabilities or malicious code into the agent's execution environment without explicit review. Pin the dependency to a specific, known-good version (e.g., `npx @kayvan/markdown-tree-parser@1.2.3`). Regularly review and update the pinned version after security checks. | LLM | SKILL.md:40 |
| MEDIUM | Broad File System Write/Delete Permissions: The skill allows the user to specify arbitrary paths for source documents, destination folders, and archive locations. It also includes steps to delete or move the original source document. While intended for markdown files, this broad access, especially the delete/move functionality, could be misused by a malicious user to delete or move critical system files or other sensitive data if they can trick the agent into operating on unintended paths. Implement stricter validation of user-provided paths to ensure they are within expected directories or user-owned spaces. Confirm critical operations like deletion with the user with clear warnings. Consider sandboxing file operations if the execution environment allows. | LLM | SKILL.md:60 |