Trust Assessment
brainstorming received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. The key findings are: Network egress to untrusted endpoints; Covert behavior / concealment directives; and Broad filesystem and Git write access requested.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad filesystem and Git write access requested: The skill explicitly instructs the AI agent to 'Check out the current project state first (files, docs, recent commits)', implying broad read access to the entire project directory and its git history. Furthermore, it instructs the agent to 'Write the validated design to `docs/plans/YYYY-MM-DD-<topic>-design.md`' and 'Commit the design document to git'. This grants the agent broad write access to the filesystem and the ability to commit changes directly to the git repository. While these actions are described as part of the skill's intended functionality, granting an AI agent such extensive permissions, especially the ability to commit to git without explicit human review, poses a significant security risk. A compromised or buggy agent could read sensitive files, overwrite critical project files, or introduce malicious/unwanted changes into the codebase. Remediation: Implement granular access controls for the AI agent, limiting its filesystem and git operations to the absolute minimum necessary. For git commits, ensure a mandatory human review step (e.g., pull request creation) before changes are merged. Consider sandboxing the agent's environment to prevent access to sensitive areas outside its operational scope. | LLM | SKILL.md:12 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Remediation: Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remediation: Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |