Trust Assessment
app-builder received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 1 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Excessive 'Bash' tool permission declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Excessive 'Bash' tool permission declared The skill declares 'Bash' as an allowed tool in its manifest. While potentially necessary for an 'App Builder' to execute build commands or scripts, granting arbitrary shell access ('Bash') to an agent is a high-risk permission. If the agent's instructions are compromised (e.g., via prompt injection in a future interaction), this permission could be exploited to execute arbitrary commands on the host system, leading to data exfiltration, system modification, or further compromise. Although this skill is a rubric and does not explicitly instruct malicious Bash usage, the capability is present and represents a significant attack surface. Evaluate if 'Bash' is strictly necessary for the agent's core function. If so, consider using more granular tools or a sandboxed execution environment. If specific commands are needed, consider wrapping them in a more constrained tool rather than granting full shell access. Implement robust input validation and sanitization for any user-provided input that might influence Bash commands. | LLM | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/38798fe698ca0f29)
Powered by SkillShield