Security Audit
migrate-skills-between-libraries
github.com/skillcreatorai/Ai-Agent-Skills
Trust Assessment
migrate-skills-between-libraries received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Potential Command Injection via Unsanitized User Input in Shell Commands" and "Unpinned Dependency Version for `npx` Command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 039ad59e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized User Input in Shell Commands.** The skill provides shell commands that include placeholders like `<name>`, `<workArea>`, `<branch>`, `<owner>/<repo>`, and `/path/to/source-library`. If these placeholders are populated directly from untrusted user or LLM input without proper sanitization or escaping, a malicious string (e.g., `my_skill; rm -rf /`) could lead to arbitrary command execution on the host system. This risk applies to `cd` commands and arguments passed to `npx ai-agent-skills`. When constructing shell commands from user or LLM input, always sanitize and escape all variables to prevent command injection. For paths, ensure they are validated and properly quoted. For arguments, use libraries or functions that correctly escape shell metacharacters or pass arguments as separate elements to `subprocess.run` (or equivalent) instead of a single string. | Static | SKILL.md:20 |
| MEDIUM | **Unpinned Dependency Version for `npx` Command.** The skill uses `npx ai-agent-skills` without specifying a version (e.g., `ai-agent-skills@4.1.0`). This means `npx` will always fetch and execute the latest available version of the `ai-agent-skills` package. If a malicious update to `ai-agent-skills` is published, this skill would automatically execute the compromised version, introducing a supply chain risk. Pin the version of the `ai-agent-skills` package used in `npx` commands to a known good version (e.g., `npx ai-agent-skills@4.1.0`). This ensures deterministic behavior and mitigates the risk of automatically pulling in a compromised future version. Regularly review and update the pinned version as needed. | Static | SKILL.md:21 |