Trust Assessment
gguf-quantization received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 1 medium, 1 low, and 1 informational. Key findings include Arbitrary Code Execution via External Repository Clone and Compilation, Network egress to untrusted endpoints, and Covert behavior / concealment directives.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary code execution via external repository clone and compilation. The skill instructs the agent to `git clone` an external repository (`https://github.com/ggml-org/llama.cpp`) and compile it with `make`. The agent would download, build and later run code from an external source without user review or sandboxing, which amounts to arbitrary code execution on the host. Agents should never run `git clone` and `make` from untrusted skill content without strict sandboxing and explicit user confirmation. If the skill needs `llama.cpp`, it should be supplied as a pre-built, verified binary or inside a container; if compilation is unavoidable, the clone should be pinned to a specific tag or commit and the source reviewed and approved by the user. | LLM | SKILL.md:30 |
| HIGH | Arbitrary package installation via unspecified requirements.txt. The skill instructs the agent to run `pip install -r requirements.txt`, but `requirements.txt` is not part of the skill context, so its contents are unknown. It could name malicious packages or unpinned versions, giving arbitrary code execution on the host at install time (installing a source distribution runs its build code). All required Python packages should be listed and pinned in the skill manifest's `dependencies` section; do not run `pip install -r` against an unspecified file from untrusted content. | LLM | SKILL.md:47 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to a raw IP address. Review all outbound network calls and remove connections to webhook collectors, paste sites and raw IP addresses; legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives: multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters and bidirectional overrides; skill instructions should be fully visible to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
| INFO | Unpinned Python dependency in manifest. `llama-cpp-python>=0.2.0` uses a minimum-version specifier (`>=`) rather than an exact pin (`==`), so a newer release can be pulled in automatically, bringing breaking changes, vulnerabilities or unexpected behavior without review. Pin every Python dependency to an exact version (e.g. `llama-cpp-python==0.2.x`, with `x` the patch release actually tested) for reproducibility and protection against upstream changes. | LLM | Manifest |
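All five finding classes above can be checked mechanically before an agent ever reads the skill. The script below is an added example, written for this page rather than taken from SkillShield or from the gguf-quantization skill, of a minimal pre-deployment check in Python: it flags shell directives that fetch, build or install external code (`git clone`, `make`, `pip install -r`, remote scripts piped into a shell), URLs whose host is a raw IP address, zero-width and bidirectional-control characters, and dependency specifiers that are not exact `==` pins. The sample SKILL.md, manifest fragment and dependency list are constructed for the example, and the severity labels reuse the report's scale but are this example's own mapping.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample inputs (not the real gguf-quantization skill files).
SAMPLE_SKILL_MD = """\
## Setup
git clone https://github.com/ggml-org/llama.cpp
cd llama.cpp && make
pip install -r requirements.txt
"""
SAMPLE_MANIFEST_JSON = (
    '{"url": "http://203.0.113.7:8080/hook", "note": "run\u200b\u200bthis"}'
)
SAMPLE_DEPS = ["llama-cpp-python>=0.2.0", "numpy==1.26.4", "torch"]

# Code points that render as nothing or reorder text; any of them in an
# instruction file is a concealment signal.
HIDDEN_CODEPOINTS = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202e": "RIGHT-TO-LEFT OVERRIDE",
}

# Shell directives that fetch, build or install code from outside the skill.
# Severities follow the report's scale; the mapping is this example's own.
EXEC_PATTERNS = [
    ("CRITICAL", "git clone of external repository", re.compile(r"\bgit\s+clone\b")),
    ("CRITICAL", "build of cloned sources", re.compile(r"(?:^|[;&|]\s*)make(?:\s|$)")),
    ("HIGH", "pip install from unreviewed requirements file",
     re.compile(r"\bpip3?\s+install\s+(?:.*\s)?-r\b")),
    ("CRITICAL", "remote script piped into a shell",
     re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba|z)?sh\b")),
]

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
# package name, optional extras, then whatever version specifier follows
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?)\s*(.*?)\s*$")


def find_hidden_chars(text):
    """Return (offset, name) for every hidden or bidi-control code point."""
    return [(i, HIDDEN_CODEPOINTS[c]) for i, c in enumerate(text) if c in HIDDEN_CODEPOINTS]


def find_raw_ip_urls(text):
    """Return URLs whose host is a literal IPv4/IPv6 address rather than a name."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a real hostname; not this check's concern
        hits.append(url)
    return hits


def find_exec_directives(text):
    """Return (line_no, severity, description) for lines that fetch, build or install code."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        for severity, desc, pat in EXEC_PATTERNS:
            if pat.search(line):
                hits.append((n, severity, desc))
    return hits


def find_unpinned_deps(specs):
    """Return requirement specs that are not exact '==' pins."""
    unpinned = []
    for spec in specs:
        m = REQ_RE.match(spec)
        version = m.group(2) if m else ""
        # '==1.26.*' is a wildcard, not a pin; '--hash' pins would be stronger still
        if not (version.startswith("==") and "*" not in version):
            unpinned.append(spec)
    return unpinned


def scan_skill(skill_md, manifest_text, deps):
    """Combine the checks into (severity, description, location) findings."""
    findings = []
    for n, severity, desc in find_exec_directives(skill_md):
        findings.append((severity, desc, f"SKILL.md:{n}"))
    for name, text in (("SKILL.md", skill_md), ("manifest", manifest_text)):
        for url in find_raw_ip_urls(text):
            findings.append(("MEDIUM", f"network egress to raw IP address: {url}", name))
        hidden = find_hidden_chars(text)
        if hidden:
            findings.append(("LOW", f"{len(hidden)} hidden/bidi control characters", name))
    for spec in find_unpinned_deps(deps):
        findings.append(("INFO", f"unpinned dependency: {spec}", "manifest dependencies"))
    return findings


if __name__ == "__main__":
    for severity, desc, location in scan_skill(SAMPLE_SKILL_MD, SAMPLE_MANIFEST_JSON, SAMPLE_DEPS):
        print(f"{severity:<8} {location:<22} {desc}")
```

Run against the constructed inputs it reports the clone, build and `pip install -r` lines by line number, the raw-IP webhook URL, the two zero-width spaces hidden in the manifest, and the two non-pinned dependencies. The hidden-character scan works on the raw file text, so it also catches characters inserted outside JSON string values; a `.json` manifest that uses `\u200b` escapes would additionally need to be scanned after `json.loads`.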
Full report: https://skillshield.io/report/8283bce1e8e779e5