Trust Assessment
gitops-workflow received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The two findings are "Supply Chain Risk: Unpinned Remote Resource Execution" and "Supply Chain Risk: Unpinned Remote Script Execution with Sudo".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 5d65aa10). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Supply Chain Risk: Unpinned Remote Resource Execution. The skill's installation instructions recommend executing remote scripts and applying remote Kubernetes manifests that are not pinned to a specific version or commit hash. This introduces a supply chain risk, as the content at the remote URL could change maliciously, leading to the execution of arbitrary code on the user's system or deployment of compromised configurations to their Kubernetes cluster. For example, the ArgoCD manifest is fetched from a 'stable' branch, and the Flux installation script is fetched directly from a URL without version pinning. Pin remote resources to specific, immutable versions (e.g., commit hashes, release tags) instead of mutable branches or latest versions. For example, use `https://raw.githubusercontent.com/argoproj/argo-cd/<VERSION>/manifests/install.yaml` or provide a checksum for the script. | Static | SKILL.md:29 |
| MEDIUM | Supply Chain Risk: Unpinned Remote Script Execution with Sudo. The skill's installation instructions recommend piping a remote script directly to `sudo bash` without any form of content verification or version pinning. This is a significant supply chain risk, as a compromise of the `fluxcd.io` domain or the `install.sh` script could lead to the execution of arbitrary code with root privileges on the user's machine. The script is fetched from a mutable URL, not a specific version. Avoid piping remote scripts directly to `sudo bash`. If necessary, download the script, inspect its content, verify its checksum against a trusted source, and then execute it. Ensure the script is fetched from a versioned URL or a specific commit hash to prevent unexpected changes. | Static | SKILL.md:70 |