Security Audit: paywall-upgrade-cro
Source: github.com/coreyhaines31/marketingskills
Trust Assessment
paywall-upgrade-cro received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Local File Read.
The analysis covered 4 layers: dependency_graph, manifest_analysis, static_code_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit a04cb61a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Data Exfiltration via Local File Read | Unknown | SKILL.md:10 |

Description: The skill explicitly instructs the LLM to read the local file `.claude/product-marketing-context.md` and use its content as context for generating responses. This grants the LLM direct access to local filesystem content. If this file contains sensitive, proprietary, or confidential product marketing information (e.g., unreleased features, competitive analysis, internal strategies), the LLM could inadvertently expose this data to the user or an external system through its generated output. This also represents an excessive permission granted to the LLM.

Recommended remediation:
1. **Restrict File Content**: Ensure that `.claude/product-marketing-context.md` contains only non-sensitive, publicly shareable information.
2. **Sanitize Input**: If sensitive data is necessary, pre-process the file to remove or redact sensitive portions before it is provided to the LLM.
3. **Remove Direct Access**: Re-evaluate whether the LLM truly needs direct read access to a local file. Consider embedding the necessary context directly into the skill's prompt or using a secure, controlled data retrieval mechanism.
4. **Output Filtering**: Implement strict output filtering and monitoring to prevent the LLM from disclosing sensitive information.
Full report: https://skillshield.io/report/88d9ac36c9ef904a (Powered by SkillShield)