First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
3
Score
84/100
Findings (3)
Detects Python subprocess and os.system calls for command execution in skill descriptions
os.system(Pass arguments as an explicit list instead of a shell string. Set shell=False and validate all user-supplied values before inclusion.
Likely FP if the match is in documentation explaining Python subprocess usage or in a description mentioning it as a topic.
Detects subprocess calls with shell=True which enables shell injection
shell=TrueReplace shell=True with shell=False and pass command arguments as a list. Validate and sanitize all inputs before passing to the shell.
Likely FP if the match is in documentation describing how subprocess works, or in a comment explaining shell risks rather than actual code.
Detects skills that include unscoped Bash in their allowed tools list (not Bash(cmd:*) scoped)
allowed-tools: Bash,Scope the Bash tool to specific commands using allowedTools patterns (e.g., Bash(git *) instead of bare Bash). Remove blanket Bash access from allowed_tools lists.
Likely FP if the Bash entry in allowed_tools is part of a constrained configuration that limits commands elsewhere (e.g., via system prompt restrictions).