Security Audit
systematic-debugging
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
systematic-debugging received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Unquoted variable in 'cat' command leads to command injection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unquoted variable in 'cat' command leads to command injection.** The `cat` command on line 42 of `find-polluter.sh` uses the `$TEST_FILE` variable without quotes. This allows for arbitrary command execution if the `TEST_FILE` variable contains shell metacharacters (e.g., semicolons, backticks, command substitutions, or spaces/globs leading to unexpected file arguments). An attacker could craft a test filename to execute malicious commands when this script is run. Always quote shell variables when they contain user-controlled or untrusted data, especially when used in commands. Change `cat $TEST_FILE` to `cat "$TEST_FILE"`. Additionally, consider validating the `TEST_FILE` variable to ensure it only contains safe path characters. | LLM | find-polluter.sh:42 |