Trust Assessment
review-a-skill received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Potential Command Injection via skill-name argument" and "Supply Chain Risk due to Unpinned `npx` Dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 039ad59e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via skill-name argument.** The skill provides instructions to execute `npx ai-agent-skills` commands, using `<skill-name>` as a variable placeholder. If an agent or human substitutes `<skill-name>` with untrusted input (e.g., `'; rm -rf /'`), and the `ai-agent-skills` CLI tool does not properly sanitize its arguments before passing them to the shell, a command injection vulnerability could be exploited. This allows for the execution of arbitrary shell commands. Ensure that the `ai-agent-skills` CLI tool robustly sanitizes all arguments, especially `<skill-name>`, to prevent shell injection. As a skill author, consider adding a guardrail or warning about input sanitization, or recommend using a wrapper that handles argument escaping. | LLM | SKILL.md:16 |
| MEDIUM | **Supply Chain Risk due to Unpinned `npx` Dependency.** The skill instructs the use of `npx ai-agent-skills` without specifying a version. This means `npx` will always fetch and execute the latest available version of the `ai-agent-skills` package from npm. This introduces a supply chain risk, as a malicious update or breaking change in a future version of `ai-agent-skills` could be automatically pulled and executed, potentially leading to unexpected behavior, security vulnerabilities, or skill failures without explicit review. Pin the version of the `ai-agent-skills` package when using `npx` (e.g., `npx ai-agent-skills@4.1.0`). This ensures deterministic execution and prevents unexpected changes or malicious updates from being automatically introduced. | LLM | SKILL.md:16 |