Security Audit
typefully/agent-skills:skills/typefully
github.com/typefully/agent-skills
Trust Assessment
typefully/agent-skills:skills/typefully received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Agent can exfiltrate local files via `media:upload` command" and "Broad Bash permission allows arbitrary arguments to `typefully.js`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on May 1, 2026 (commit e7a05b90). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Agent can exfiltrate local files via `media:upload` command. The `typefully.js` script's `media:upload` command takes a `<file_path>` argument, which is then read using `fs.readFileSync` and `fs.createReadStream` and uploaded to the Typefully API. The agent is instructed to use this command in `SKILL.md` and has `Bash(./scripts/typefully.js:*)` permissions, allowing it to specify any local file path. A malicious prompt could instruct the agent to upload sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `~/.aws/credentials`), leading to data exfiltration. Restrict the `media:upload` command to only allow specific file types or directories, or implement a sandbox for file access. Alternatively, remove the `media:upload` capability if not strictly necessary, or require explicit user confirmation for each file upload. | LLM | scripts/typefully.js:10 |
| HIGH | Broad Bash permission allows arbitrary arguments to `typefully.js`. The skill declares `Bash(./scripts/typefully.js:*)` permission, allowing the agent to execute the `typefully.js` script with any arguments. While the script itself handles arguments internally, this broad permission, in conjunction with commands like `media:upload` (which accepts arbitrary file paths), creates a significant risk of data exfiltration or other unintended actions if the agent is prompted maliciously. Restrict the `Bash` permission to only allow specific commands and argument patterns for `typefully.js`, or implement a more granular tool definition that limits the scope of file paths accessible to the `media:upload` command. | LLM | SKILL.md:4 |