Security Audit
ailabs-393/ai-labs-claude-skills:packages/skills/research-paper-writer
github.com/ailabs-393/ai-labs-claude-skills
Trust Assessment
ailabs-393/ai-labs-claude-skills:packages/skills/research-paper-writer received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reflected Input in Skill Output Leading to Potential Prompt Injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 14, 2026 (commit 1a12bc7a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Reflected Input in Skill Output Leading to Potential Prompt Injection.** The `index.js` skill directly reflects the `input` it receives as part of its return message. If this `input` contains malicious instructions (e.g., 'ignore previous instructions' or other prompt injection attempts), and the host LLM processes the skill's output without proper sanitization or context separation, it could lead to prompt injection, allowing an attacker to manipulate the host LLM's subsequent behavior or instructions. Avoid directly reflecting untrusted user input in skill outputs that are fed back to the LLM. If the input must be returned, ensure it is properly sanitized, escaped, or clearly demarcated as user data (e.g., by wrapping it in XML tags or specific delimiters) so that the LLM does not interpret it as instructions. For example, instead of `input`, return `user_input: input` or `raw_user_query: input`. | LLM | index.js:6 |