Security Audit

Sounder25/Google-Antigravity-Skills-Library:03_sync_repos

github.com/Sounder25/Google-Antigravity-Skills-Library

AI SkillCommit 09376edc64e9

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

Sounder25/Google-Antigravity-Skills-Library:03_sync_repos received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via User-Provided Paths, Excessive Permissions for Repository Modification.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

2 findings

Dynamic Code

2 findings

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via User-Provided Paths The skill accepts user-provided file paths (`--repos`, `--reference`) which are then used by an underlying PowerShell script (`sync_repos.ps1`) to interact with git repositories. If these paths are not properly sanitized, validated, and escaped before being used in shell commands (e.g., `git` commands), an attacker could inject arbitrary commands by crafting malicious path strings. The `--apply` flag, which enables write operations (fast-forward/merge), increases the potential impact of such an injection. Implement robust input validation and sanitization for all user-provided path parameters (`--repos`, `--reference`). Ensure that any external commands executed by `sync_repos.ps1` (e.g., `git`) use proper argument arrays or secure quoting/escaping mechanisms to prevent command injection. Avoid direct string concatenation of user input into shell commands. For critical operations enabled by `--apply`, consider adding an explicit user confirmation step.	LLM	SKILL.md:24
MEDIUM	Excessive Permissions for Repository Modification The skill, when invoked with the `--apply` flag, is designed to perform write operations (fast-forward/merge) on local git repositories. While this is the intended functionality, it grants the skill significant modification capabilities over the user's codebase. If combined with a command injection vulnerability, this could lead to unauthorized code changes or data loss. The explicit 'Unsafe' warning for `--apply` acknowledges this risk. Ensure that the `--apply` functionality is protected by strict safety checks (as partially described in the 'Safety/QA Checks' section). Consider implementing a 'dry-run' mode for `--apply` to show proposed changes before actual execution. If possible, restrict the execution environment of the skill to minimize its impact radius. Emphasize the 'Unsafe' nature of the flag in user-facing documentation and potentially require explicit confirmation from the user before proceeding with write operations.	LLM	SKILL.md:26

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/257a08c205320108.svg)](https://skillshield.io/report/257a08c205320108)