Trust Assessment
pulumi-arm-to-pulumi received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in `pulumi env run`, Potential Command Injection via Unsanitized User Input in Azure CLI Commands, Potential Command Injection via Unsanitized User Input in `pulumi config set`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in `pulumi env run`: The skill instructs the agent to execute a `pulumi env run` command with placeholders for organization, project, and environment names. If these placeholders are populated directly from untrusted user input without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. This could lead to unauthorized execution within the agent's environment or manipulation of the Pulumi environment selection. Instruct the agent to use a secure method for passing arguments to shell commands, such as using a tool's parameter interface for `pulumi env run` or robustly escaping any user-provided input before constructing the command string. Ensure that the agent's execution environment for shell commands is sandboxed. | LLM | SKILL.md:55 |
| HIGH | Potential Command Injection via Unsanitized User Input in Azure CLI Commands: The skill provides examples of Azure CLI commands (`az resource list`, `az resource show`) that include placeholders like `<resource-group-name>` and `<resource-id>`. If the agent populates these placeholders directly from untrusted user input without proper sanitization or shell escaping, a malicious user could inject arbitrary shell commands. This could lead to unauthorized data access, modification, or deletion within the Azure environment accessible to the agent. Instruct the agent to use a secure method for passing arguments to shell commands, such as using a tool's parameter interface for Azure CLI commands or robustly escaping any user-provided input before constructing the command string. Ensure that the agent's execution environment for shell commands is sandboxed. | LLM | SKILL.md:80 |
| HIGH | Potential Command Injection via Unsanitized User Input in `pulumi config set`: The skill instructs the agent to use `pulumi config set` commands, which involve setting configuration values that can be derived from user input (e.g., `storageAccountName`, `adminPassword`). If these user-provided values are directly interpolated into the shell command without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. Even with the `--secret` flag, command injection is possible if the value itself contains shell metacharacters. Instruct the agent to use a secure method for passing configuration values to `pulumi config set`, ensuring that any user-provided input is robustly escaped before being included in the command string. Ensure that the agent's execution environment for shell commands is sandboxed. | LLM | SKILL.md:160 |