Security Audit
snyk/agent-scan:tests/skills/doc-coauthoring
github.com/snyk/agent-scan
Trust Assessment
snyk/agent-scan:tests/skills/doc-coauthoring received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via User-Influenced Filename, Reliance on Potentially Overly Permissive Integrations, Potential Data Exfiltration via User-Provided External Content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 1, 2026 (commit 30a672c5). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Command Injection via User-Influenced Filename | The skill instructs the LLM to create files using a `create_file` tool and derive the filename from user input (e.g., document type). If the underlying `create_file` tool is implemented as a shell command or similar execution primitive without robust sanitization of the filename, a malicious user could inject shell commands (e.g., `my_doc.md; rm -rf /`) or perform path traversal (e.g., `../../../../etc/passwd`) to access or modify unauthorized files. | Ensure the `create_file` tool strictly sanitizes all user-provided or user-influenced filename components. Implement a whitelist of allowed characters for filenames and enforce a specific, sandboxed working directory. Prevent path traversal sequences (e.g., `..`, `/`) and shell metacharacters (e.g., `;`, `\|`, `&`, `$`). | LLM | SKILL.md:137 |
| MEDIUM | Reliance on Potentially Overly Permissive Integrations | The skill's workflow heavily relies on 'integrations' (e.g., Slack, Teams, Google Drive, SharePoint, 'other MCP servers') to 'pull in context directly' and 'read the current state' of documents and channels. While the skill itself doesn't define the scope, if these integrations are configured with broad read/write access to sensitive corporate data, it introduces a significant risk of unauthorized data access or modification if the LLM is compromised or misdirected. The skill does not consistently require explicit user confirmation for all data access via these integrations. | Review and enforce the principle of least privilege for all integrated tools. Ensure that integrations only have the minimum necessary permissions to perform their intended functions. Implement granular access controls and require explicit user confirmation for accessing sensitive data sources, even if the skill doesn't explicitly state it. Document the exact scope of data access for each integration. | LLM | SKILL.md:99 |
| MEDIUM | Potential Data Exfiltration via User-Provided External Content | The skill instructs the LLM to fetch content from user-provided links to shared documents or read user-provided files. While intended for legitimate context gathering, this mechanism could be abused by a malicious user to instruct the LLM to access and process sensitive data from internal network resources (via links) or local files (via paths) that the LLM's execution environment has access to. The LLM could then inadvertently expose this sensitive content in its responses. | Implement strict validation and sanitization for all user-provided links and file paths. Restrict file access to a sandboxed, temporary directory. For links, ensure they point to trusted domains or require explicit user confirmation before accessing external resources. Implement content filtering and data loss prevention (DLP) mechanisms to prevent sensitive information from being inadvertently included in LLM outputs. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/642c6002b13f51a1
Powered by SkillShield