Security Audit
Sounder25/Google-Antigravity-Skills-Library:13_env_bash_mastery
github.com/Sounder25/Google-Antigravity-Skills-Library
Trust Assessment
Sounder25/Google-Antigravity-Skills-Library:13_env_bash_mastery received a trust score of 45/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Direct System Command Execution and Script Generation; Sensitive System Information Output to User-Controlled Directory; and Risk of Injection in Generated Execution Scripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct System Command Execution and Script Generation.** The skill explicitly states it requires 'PowerShell access to WMI/CIM or system commands' and 'Checks for `nvidia-smi`'. Its core functionality involves profiling the host machine and generating 'execution scripts' (e.g., `OPTIMIZED_FLAGS.env`). This grants the skill the ability to execute arbitrary commands on the host system and create executable files. This capability, while central to the skill's function, poses a significant risk for command injection, privilege escalation, and arbitrary code execution if not properly sandboxed or if inputs are not thoroughly sanitized. Implement strict sandboxing for skill execution, isolating it from critical system resources. Ensure all external commands and script generation are performed within a highly restricted environment. Validate and sanitize all user-provided inputs (especially for script generation) to prevent injection. Consider using an allow-list for commands and arguments. | Static | SKILL.md:38 |
| HIGH | **Sensitive System Information Output to User-Controlled Directory.** The skill gathers detailed system information (OS, CPU, RAM, GPU, optimized environment variables) and outputs it to `SYSTEM_PROFILE.json` and `OPTIMIZED_FLAGS.env`. The `--output-dir` parameter allows the user to specify an arbitrary directory for these outputs. An attacker could leverage this to direct sensitive system profiles to a network share, a publicly accessible web directory, or another location under their control, leading to data exfiltration. Restrict the `--output-dir` parameter to a predefined, secure, and non-network-accessible directory. If user-defined paths are necessary, implement strict path validation (e.g., ensure it's within a designated sandbox, prevent absolute paths, disallow `..` traversal, prevent symlinks, and disallow network paths). | Static | SKILL.md:23 |
| HIGH | **Risk of Injection in Generated Execution Scripts.** The skill's purpose is to 'generate execution scripts' and 'generate hardware aware script' based on system profiling. If any part of the generated script incorporates untrusted input (e.g., from user prompts or other external sources) without proper sanitization, it could lead to prompt injection against the script generation logic or, more critically, command injection within the generated scripts themselves. This could allow an attacker to embed malicious commands into the output scripts, which would then be executed by the user or another automated system. Implement robust input validation and sanitization for all components used in script generation. Use templating engines with strict auto-escaping where possible. Ensure that generated scripts are reviewed or executed in a highly sandboxed environment. Avoid directly embedding untrusted user input into executable script content. | LLM | SKILL.md:10 |