Skill Studio — Local Skill Marketplace for AI Agents

Skill Studio — Local Skill Marketplace for AI Agents

<< Back to security report

──skillcreatorai/ai-agent-skills/expo-deployment — semgrep Scan

Repositoryskillcreatorai/ai-agent-skills →

Commit039ad59 →

VerdictFAIL

Score55

DateMay 14, 2026

──Findings

Severity	Rule	Message	File:Line
HIGH	javascript.lang.security.detect-child-process.detect-child-process	Detected calls to child_process from a function argument `action`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.	skillcreatorai/ai-agent-skills/expo-deployment-f3a5f500/cli.js:4263 →
HIGH	javascript.lang.security.detect-child-process.detect-child-process	Detected calls to child_process from a function argument `command`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.	skillcreatorai/ai-agent-skills/expo-deployment-f3a5f500/scripts/test-live.js:103 →
HIGH	javascript.lang.security.detect-child-process.detect-child-process	Detected calls to child_process from a function argument `cmd`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.	skillcreatorai/ai-agent-skills/expo-deployment-f3a5f500/test.js:75 →