Security Audit
claude-dev-suite/claude-dev-suite:skills/api-design/trpc
github.com/claude-dev-suite/claude-dev-suite
Trust Assessment
claude-dev-suite/claude-dev-suite:skills/api-design/trpc received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection via Tool Call Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 16, 2026 (commit 8c8434ef). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection via Tool Call Instruction: The untrusted skill content contains an explicit instruction to the host LLM to use a tool (`mcp__documentation__fetch_docs`). This is a direct attempt to manipulate the LLM's behavior by injecting commands or instructions from untrusted input, which could lead to unintended tool usage or information disclosure if the LLM were to follow it. Remove any instructions or commands intended for the host LLM from the untrusted content. Untrusted content should be treated as data, not as instructions. If tool usage is intended, it should be explicitly defined and controlled by the skill's trusted code or configuration, not embedded within user-provided or untrusted documentation. | LLM | SKILL.md:4 |