{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "input-guard", "description": "Scan untrusted external text (web pages, tweets, search results, API responses) for prompt injection attacks. Returns severity levels and alerts on dangerous content. Use BEFORE processing any text from untrusted sources.", "version": null, "slug": "input-guard" }, "scores": { "security": 0, "transparency": 6, "maintenance": 7, "overall": 2 }, "permissions": { "summary": "No declared permissions — minimal attack surface.", "environmentVariables": [], "binaries": [], "envVarCount": 0, "requiredBinCount": 0 }, "compoundThreats": [ { "id": "c2_channel", "severity": "critical", "description": "Receives external input AND executes processes — command & control channel", "capabilities": [ "network_in", "process_exec" ], "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI10" ] }, { "id": "process_exfiltration", "severity": "high", "description": "Executes processes AND sends data externally — may exfiltrate command output", "capabilities": [ "process_exec", "network_out" ], "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Makes network requests but does not declare curl/wget in required binaries", "declared": [], "actual": "network_out", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] } ], "capabilities": [ "network_out", "process_exec", "network_in" ], "findings": [ { "severity": "critical", "category": "shell_injection", "description": "Pipe to bash — executes piped content as shell commands", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "| bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to python — executes piped content as Python code", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "| python3", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "subprocess execution — runs system commands from Python", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "subprocess.run(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "obfuscation", "description": "Unicode homoglyph detected — uses lookalike characters to evade pattern matching", "zone": "prose", "zoneContext": "example_threat", "file": "evals/cases.json", "downgraded": false, "sample": "", "owasp": [ "LLM01", "LLM03" ], "owaspAsi": [ "ASI04", "ASI10" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "References sudo — requests elevated privileges", "zone": "code", "zoneContext": "instruction", "file": "README.md", "downgraded": false, "sample": "sudo", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "apt-get install — installs system packages", "zone": "code", "zoneContext": "instruction", "file": "README.md", "downgraded": false, "sample": "apt-get install", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "low", "category": "credentials", "description": "Python os.environ.get — reads environment variable", "zone": "prose", "zoneContext": "documentation", "file": "scripts/get_taxonomy.py", "downgraded": true, "sample": "os.environ.get(", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "low", "category": "exfiltration", "description": "POSTs data to external URL", "zone": "prose", "zoneContext": "documentation", "file": "scripts/llm_scanner.py", "downgraded": true, "sample": ".post(\n \"https://", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "critical", "category": "threat_intelligence", "description": "URL flagged by 9/95 VirusTotal engines: http://evil.com/payload.sh", "zone": "code", "zoneContext": "instruction", "file": null, "downgraded": false, "sample": "http://evil.com/payload.sh", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ], "confidence": "external" } ], "summary": { "total": 9, "critical": 4, "high": 3, "medium": 0, "low": 2, "compoundThreats": 2, "integrityIssues": 1 }, "trustSignals": { "positive": [ { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "minimal_env", "positive": true, "detail": "No environment variables required" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "versioned", "positive": false, "detail": "No version declared" }, { "signal": "complex_structure", "positive": false, "detail": "15 files — larger attack surface" } ] }, "files": { "hasExecutableCode": true, "executableFiles": [ "evals/run.py", "scripts/get_taxonomy.py", "scripts/llm_scanner.py", "scripts/report-to-molthreats.sh", "scripts/scan.py", "scripts/scan.sh" ], "totalFiles": 15 }, "humanSummary": "input-guard scores 20/100 (Dangerous). It declares no permissions. Receives external input AND executes processes — command & control channel. 1 undeclared capability detected — the skill does more than its permissions suggest. 3 critical pattern matches in code.", "auditedAt": "2026-04-23T03:41:54.513Z", "vtEnrichment": { "checked": 3, "flagged": 1, "urls": [ { "url": "https://keepachangelog.com/", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true }, { "url": "https://semver.org/", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true }, { "url": "http://evil.com/payload.sh", "malicious": 9, "suspicious": 1, "engines": 95, "cached": false } ] } }