Trust Assessment
tensorrt-llm received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 2 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Unpinned dependencies in manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Unpinned dependencies in manifest The skill's manifest specifies `tensorrt-llm` and `torch` as dependencies without pinning specific versions. This can lead to non-reproducible builds and introduce unexpected breaking changes or security vulnerabilities if a new version of a dependency is released with issues. It is best practice to pin dependencies to exact versions for stability and security. Pin all dependencies in the manifest to specific versions (e.g., `"tensorrt-llm==1.2.0rc3"`, `"torch==2.2.0"`). | Static | SKILL.md | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Use of 'latest' tag for Docker image The quick start guide recommends pulling the `nvidia/tensorrt_llm:latest` Docker image. Using the `latest` tag can lead to non-reproducible environments and unexpected behavior, as the content of the `latest` tag can change over time. For production or reproducible setups, it is best to use specific, immutable image tags or digests. Recommend using a specific, immutable Docker image tag (e.g., `nvidia/tensorrt_llm:1.2.0rc3` if available, or a digest) instead of `latest`. | Static | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/ebf3639082cbf9aa)
Powered by SkillShield