Trust Assessment
provider-upgrade received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized variables in package manager commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via unsanitized variables in package manager commands | Static | SKILL.md:79 |

The skill instructs the agent to construct and execute shell commands for various package managers (npm, yarn, pip, go, dotnet). Variables such as `{provider}`, `{version}`, and `{major}` are directly interpolated into these commands. If these variables originate from untrusted input (e.g., user-provided package names or versions) and are not properly sanitized or escaped by the agent before execution, an attacker could inject arbitrary shell commands. For example, a malicious `provider` name like `pulumi-aws; rm -rf /` could lead to arbitrary code execution on the agent's host.

Ensure that all variables interpolated into shell commands (`{provider}`, `{version}`, `{major}`) are strictly validated and properly escaped for the target shell environment before command execution. Prefer using parameterized command execution functions provided by the agent's runtime environment if available, or implement robust input sanitization.