Trust Assessment
upstream-patches received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The key findings are "Unsanitized user input in shell commands leading to command injection" and "Reliance on unanalyzed local script introduces supply chain risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized user input in shell commands leading to command injection. The skill's documentation provides numerous examples of shell commands that incorporate user-controlled variables (e.g., `target_sha`, `<files>`, `<new_commit_sha>`, `path/to/file`, `00NN-Description.patch`). If these variables are not properly sanitized or validated by the agent before being interpolated into shell commands, a malicious user could inject arbitrary shell commands. For instance, `target_sha` is used in `git rev-parse "${target_sha}^"`, `git checkout -b "$tmp_branch" "$base_sha"`, and `git cherry-pick "$target_sha"`. Similarly, `<files>` is used in `git add <files>` and `git checkout HEAD^ -- <files>`, and `rm patches/00NN-Description.patch` uses a user-controlled filename. An attacker could craft input containing shell metacharacters (e.g., `;`, `\|`, `&`, `$()`) to execute arbitrary commands on the host system, leading to remote code execution, data exfiltration, or system compromise. Implement robust input validation and sanitization for all user-provided arguments before constructing and executing shell commands. For commit SHAs, validate they are valid SHA-1 or SHA-256 hashes. For file paths, ensure they are within expected directories, do not contain path traversal sequences (`..`), and are free of shell metacharacters. When executing commands, prefer using a method that passes arguments as distinct parameters to the underlying process, preventing shell interpretation of argument values, rather than interpolating them directly into a single shell string. | LLM | SKILL.md:67 |
| MEDIUM | Reliance on unanalyzed local script introduces supply chain risk. The skill heavily relies on the execution of `./scripts/upstream.sh` for various critical operations (e.g., `init`, `checkout`, `rebase`, `check_in`). The content and security posture of this script are not provided within the skill context. This introduces a supply chain risk, as the script itself could contain vulnerabilities, perform malicious actions, or be susceptible to command injection if it processes arguments unsafely. Without access to its source code, a complete security assessment of the skill's full execution flow is impossible. Provide the source code for `./scripts/upstream.sh` for security analysis. Ensure the script itself follows secure coding practices, including proper input validation and sanitization for any arguments it processes, and that it is regularly reviewed for vulnerabilities. If the script is not part of the skill package, document its expected behavior and security guarantees. | LLM | SKILL.md:20 |