Trust Assessment
share-a-library received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Public exposure of local workspace content", "Potential command injection via dynamic repository names", and "Unpinned `npx` commands introduce supply chain risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 039ad59e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Public exposure of local workspace content.** The skill uses `gh repo create <owner>/<repo> --public --source=. --remote=origin --push` to publish the entire current working directory to a *public* GitHub repository. If the local workspace contains any sensitive data (e.g., API keys, configuration files, personal data, `.env` files, or private keys), this will lead to severe data exfiltration. The precondition 'The library has been sanity-checked' is a human instruction and does not provide a technical safeguard against this risk. Implement robust technical controls to ensure no sensitive files are present or are explicitly excluded before publishing. Consider making the default repository creation private and requiring explicit confirmation for public exposure. Provide a mechanism for the agent to specify files/directories to exclude from the public repository. | Static | SKILL.md:21 |
| HIGH | **Potential command injection via dynamic repository names.** The skill constructs shell commands using placeholders like `<owner>/<repo>` for `gh repo create` and `npx ai-agent-skills install`. If the agent derives these values from untrusted user input without proper sanitization or escaping, an attacker could inject shell metacharacters (e.g., `myorg/myrepo; rm -rf /`), leading to arbitrary command execution. Ensure that all dynamic parts of shell commands, especially those derived from user input, are rigorously sanitized or properly escaped before execution to prevent shell injection. The agent should use a safe command execution mechanism that handles arguments securely. | Static | SKILL.md:21 |
| MEDIUM | **Unpinned `npx` commands introduce supply chain risk.** The skill uses `npx ai-agent-skills build-docs` and `npx ai-agent-skills install` without specifying a version. This means `npx` will fetch and execute the latest available version of `ai-agent-skills`. This introduces a supply chain risk, as a malicious update or a breaking change in a new version of `ai-agent-skills` could compromise the agent's execution or lead to unexpected behavior. Pin `npx` commands to specific, known-good versions (e.g., `npx ai-agent-skills@1.2.3 build-docs`) to mitigate risks from malicious or breaking updates to the `ai-agent-skills` package. Regularly review and update pinned versions. | Static | SKILL.md:16 |
[Full SkillShield report](https://skillshield.io/report/670416215c1633d8)