Security Audit
install-from-remote-library
Source: github.com/skillcreatorai/Ai-Agent-Skills
Trust Assessment
install-from-remote-library received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are Potential Command Injection via Unsanitized Arguments and Installation of Untrusted Code from Remote Repositories.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 039ad59e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized Arguments.** The skill defines shell commands using placeholders such as `<owner>/<repo>`, `<skill-name>`, and `<collection>`. If an AI agent substitutes user-controlled input directly into these placeholders without proper sanitization (e.g., escaping shell metacharacters or validating input), it could lead to arbitrary command execution on the host system. This is a common vulnerability when constructing shell commands from untrusted input. Recommendation: implement robust input sanitization and validation for all user-provided arguments before constructing and executing shell commands. Consider using a library or framework that automatically handles command argument escaping. If possible, use an API that does not involve direct shell command construction. | LLM | SKILL.md:17 |
| HIGH | **Installation of Untrusted Code from Remote Repositories.** The skill's primary function is to instruct the agent to install skills from arbitrary remote repositories (`<owner>/<repo>`). This introduces a significant supply chain risk, as installing code from an untrusted or compromised source can lead to the execution of malicious software, data exfiltration, or system compromise. While the skill suggests `--list` and `--dry-run` as precautionary steps, these measures are insufficient to guarantee the safety of a remote skill package, especially against sophisticated attacks or malicious post-install scripts. Recommendation: implement a strict allowlist of trusted skill repositories and/or specific skill packages. Require manual review and approval for any new skill sources. Consider sandboxing the installation process to limit potential damage from malicious packages. Educate users on the risks of installing skills from unknown sources. | LLM | SKILL.md:17 |
Full report: https://skillshield.io/report/6dc984a387a3a380
Powered by SkillShield