Security Audit
DietrichGebert/ponytail:skills/ponytail-review
github.com/DietrichGebert/ponytailTrust Assessment
DietrichGebert/ponytail:skills/ponytail-review received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Indirect Prompt Injection via Mode-Switching Triggers.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 21, 2026 (commit 6da37bfa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Indirect Prompt Injection via Mode-Switching Triggers The skill defines explicit trigger phrases ('stop ponytail-review' or 'normal mode') to revert to a verbose review style. Because this skill is designed to process untrusted user code and diffs, an attacker can place these trigger phrases inside a pull request or source file to bypass the ponytail-review constraints, causing the LLM to escape its system instructions and revert to a different behavior. Avoid defining simple string triggers in the prompt that alter the LLM's operating mode based on content it might encounter in untrusted inputs (like diffs). If mode switching is necessary, handle it via explicit user commands or application-level routing rather than relying on the LLM detecting these phrases within the analyzed text. | LLM | SKILL.md:45 |
Scan History
Embed Code
[](https://skillshield.io/report/32d42d205f9598e3)
Powered by SkillShield