Trust Assessment
rspress-v2-upgrade received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via `npx taze`, Supply Chain Risk from Unpinned Dependency Updates.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 76880945). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `npx taze` The skill executes `npx taze major --include /rspress/ -w -r`, which directly invokes a shell command. While the arguments are fixed in this context, direct execution of external commands represents a command injection vector. If the `taze` tool itself has vulnerabilities, or if the execution environment is compromised, this could potentially lead to arbitrary code execution. Avoid direct execution of shell commands within skills. If command execution is absolutely necessary, ensure it occurs within a strictly sandboxed environment with minimal privileges. Consider using a more controlled and secure method for dependency management that does not rely on arbitrary command execution. | LLM | SKILL.md:21 | |
| MEDIUM | Supply Chain Risk from Unpinned Dependency Updates The skill uses `npx taze major --include /rspress/ -w -r` to update Rspress-related packages to their latest major versions. This practice introduces a supply chain risk, as a malicious actor could publish a new major version of a dependency (or a typosquatting package) that contains harmful code. Automatically updating to the latest major version without human review or robust security checks can lead to the introduction of vulnerabilities or backdoors. Pin dependencies to specific versions or use a more controlled update process (e.g., dependabot, manual review). Avoid automatically updating to the latest major versions in an automated skill without human oversight or robust security checks. If `taze` must be used, consider using it in a 'check-only' mode or with more restrictive version ranges. | LLM | SKILL.md:21 |
Scan History
Embed Code
[](https://skillshield.io/report/642bc80079d9e91a)
Powered by SkillShield