Trust Assessment
wordpress-router received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The key findings are "Execution of Arbitrary Commands from Target Repository" and "Skill Executes Local Node.js Script".
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The llm_behavioral_safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit cdc950d5). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Execution of Arbitrary Commands from Target Repository: The skill's verification procedure instructs the agent to 'Run the repo’s lint/test/build commands that the triage output recommends'. The triage script scans the user's repository, and its recommendations are then used to form commands for execution. This allows a malicious repository to define arbitrary commands in its configuration files (e.g., `package.json` scripts, `composer.json` scripts, `Makefile`) that the agent will then execute. This can lead to arbitrary code execution on the agent's host. Furthermore, if the agent runs package installation commands like `npm install` or `composer install` as part of the build process, it becomes vulnerable to supply chain attacks from malicious dependencies defined in the target repository. Do not execute commands discovered in the target repository directly. The agent should either (1) inform the user of the recommended commands and ask for explicit permission to run each one, or (2) execute commands only within a sandboxed, isolated environment with no access to the host system, network, or sensitive data. The skill should be rewritten to guide the agent through this safer process. | Unknown | SKILL.md:25 |
| MEDIUM | Skill Executes Local Node.js Script: The skill's procedure instructs the agent to execute a local Node.js script (`node skills/wp-project-triage/scripts/detect_wp_project.mjs`). While the script is part of the skill package, this grants the skill the ability to execute code on the host system. Any vulnerability within this script or its dependencies could be exploited. This establishes a baseline capability for code execution that the agent host must be aware of and properly sandbox. Ensure the agent executes all skill-defined commands, including this one, within a strictly sandboxed environment with minimal necessary permissions (e.g., read-only access to the target repository, no network access unless explicitly required). The script `detect_wp_project.mjs` and its dependencies should be audited for security vulnerabilities. | Unknown | SKILL.md:15 |