Security Audit
DietrichGebert/ponytail:.openclaw/skills/ponytail-debt
github.com/DietrichGebert/ponytailTrust Assessment
DietrichGebert/ponytail:.openclaw/skills/ponytail-debt received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Indirect Prompt Injection via Repository Comments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 21, 2026 (commit 6da37bfa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Indirect Prompt Injection via Repository Comments The skill instructs the LLM to scan the repository for 'ponytail:' comments and extract their content to build a ledger. If the repository contains untrusted files (e.g., from third-party contributions or untrusted branches), an attacker can craft a malicious comment containing prompt injection instructions. When the LLM processes these comments, it may interpret the injected instructions as commands, potentially leading to unauthorized tool execution, file modification, or data exfiltration. Add explicit instructions in the SKILL.md boundaries or system prompt telling the LLM to treat all extracted comment content strictly as untrusted text data. Emphasize that it must never execute, follow, or interpret any instructions contained within the scanned comments. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/9c8a58a96b9b6235)
Powered by SkillShield