Trust Assessment
package-usage received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Repository Operations and Pulumi CLI, Risk of Data Exfiltration through Repository Cloning and File Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via Repository Operations and Pulumi CLI.** The skill explicitly instructs the agent to 'Clone the stack's project repository' and 'Run `pulumi preview`'. If the repository URL, stack name, project name, or other parameters used to construct these commands are derived from untrusted user input, a malicious user could inject arbitrary commands. This could lead to remote code execution on the agent's host. Remediation: implement strict input validation and sanitization for all parameters used in constructing shell commands (e.g., repository URLs, project names, stack names). Consider sandboxing the execution environment for repository operations and CLI commands to limit their impact. Avoid direct concatenation of untrusted input into shell commands; use parameterized execution where possible. | Static | SKILL.md:27 |
| HIGH | **Risk of Data Exfiltration through Repository Cloning and File Access.** The workflow requires cloning a project repository and reading its files (e.g., `Pulumi.yaml`, `package.json`, `requirements.txt`, `go.mod`, `pyproject.toml`) to detect the language and update dependencies. If the cloned repository contains sensitive information (e.g., API keys, credentials, private data) and the agent's environment is compromised or the data is not handled securely, this could lead to data exfiltration. The agent gains broad read access to the entire repository content. Remediation: ensure that the agent's execution environment is strictly sandboxed and isolated. Implement robust data handling policies to prevent sensitive data from being logged, stored, or transmitted insecurely after cloning. Minimize the scope of files accessed to only what is strictly necessary. Consider using a secure temporary filesystem for cloned repositories that is purged immediately after use. | Static | SKILL.md:27 |
Full report: https://skillshield.io/report/3a0aa06d94b4e07e