Trust Assessment
cocoindex received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 2 low severity. Key findings include "Network egress to untrusted endpoints", "Covert behavior / concealment directives", and "Agent instructed to solicit API keys from user".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Agent instructed to solicit API keys from user.** The skill explicitly instructs the agent to prompt the user for sensitive API keys (e.g., OpenAI, Anthropic, Google, Voyage) if they are not found in the environment. This poses a credential harvesting risk, as the agent would then be responsible for handling and potentially storing these keys, increasing the attack surface for sensitive information. Avoid instructing the agent to directly solicit API keys from the user. Instead, instruct the user to set up environment variables themselves or use secure credential management systems. The agent should assume necessary credentials are pre-configured or securely provided by the user's environment. | LLM | SKILL.md:100 |
| MEDIUM | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | **Unpinned dependencies recommended for installation.** The skill instructs users to install `cocoindex` and its optional extras (e.g., `cocoindex[embeddings]`) without specifying version pins. This practice can lead to supply chain vulnerabilities, as users might inadvertently install incompatible, unvetted, or malicious versions of these packages if they are updated upstream. Recommend specific, pinned versions for all dependencies (e.g., `cocoindex==1.2.3`, `cocoindex[embeddings]==1.2.3`) to ensure reproducibility and mitigate risks from unexpected upstream changes. | LLM | SKILL.md:60 |
| LOW | **Covert behavior / concealment directives.** Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
| LOW | **Agent instructed to write files to filesystem.** The skill provides instructions for creating `main.py` and `.env` files, implying the agent will write these files to the local filesystem. While necessary for code generation tasks, this capability represents write access to the filesystem, which could be considered an excessive permission if the agent's execution environment is not adequately sandboxed or restricted. Ensure the agent's execution environment is sandboxed with minimal necessary write permissions. If file creation is required, confirm that the agent writes only to designated, temporary, or user-approved directories. | LLM | SKILL.md:120 |