Trust Assessment
brand-landingpage received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unsanitized user input in shell command (zip), Unspecified SDK installation method poses supply chain risk, Potential command injection in file opening commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 0818067b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user input in shell command (zip) The skill instructs the agent to use the user-provided `project-name` directly in a shell `zip` command (`zip -r "{project-name}-landing-page.zip" "{project-name}-landing-page/"`). If the `project-name` contains shell metacharacters (e.g., `"; rm -rf /;"`), this could lead to arbitrary command execution on the host system, allowing an attacker to execute malicious code. Sanitize the `project-name` thoroughly before using it in any shell commands, escaping all shell metacharacters. A safer approach would be to use a programmatic zip library in the agent's runtime environment that does not involve direct shell execution. | LLM | SKILL.md:199 | |
| HIGH | Unspecified SDK installation method poses supply chain risk The skill instructs the agent to 'install' the Stitch SDK if it's missing, without specifying a precise command, version, or trusted source. This broad instruction could lead the agent to execute arbitrary installation commands (e.g., `pip install <package>`), potentially pulling malicious packages, introducing vulnerabilities, or installing untrusted software if the agent's interpretation is not sufficiently constrained or sandboxed. Provide a precise, version-pinned installation command from a trusted source (e.g., `pip install stitch-sdk==X.Y.Z` or `npm install @stitch-design/sdk@X.Y.Z`). Ensure the agent's execution environment is sandboxed to prevent arbitrary package installations and limit access to package registries. | LLM | SKILL.md:45 | |
| MEDIUM | Potential command injection in file opening commands The skill instructs the agent to open locally saved HTML files using OS-specific shell commands (`open`, `xdg-open`, `start`). While the filenames (`desktop-vN.html`) are internally generated, the full path to these files might implicitly or explicitly incorporate user-controlled elements (such as the `project-name` if it influences the working directory or parent path). If any part of the path passed to these commands is not properly sanitized, it could lead to command injection. Ensure all components of the file path passed to `open`, `xdg-open`, or `start` commands are thoroughly sanitized to prevent shell metacharacters from being interpreted as commands. Prefer using programmatic methods to open files in a browser if available, rather than direct shell execution. | LLM | SKILL.md:145 |
Scan History
Embed Code
[](https://skillshield.io/report/2a6f05e1222bec57)
Powered by SkillShield