Security Audit

garrettjsmith/localseoskills:skills/local-seo-audit

github.com/garrettjsmith/localseoskills

AI SkillCommit 0d3fc1050517

TRUSTED

Scanned 5 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

garrettjsmith/localseoskills:skills/local-seo-audit received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reliance on Undefined Custom Tools/Skills.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on March 26, 2026 (commit 0d3fc105). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Reliance on Undefined Custom Tools/Skills The skill package explicitly references multiple custom tools and skills (e.g., `localseodata-tool`, `gbp-optimization`, `local-schema`, `review-management`, `geogrid-analysis`, `local-landing-pages`, `local-citations`, `local-link-building`, `local-competitor-analysis`, `local-keyword-research`, `client-deliverables`). The security and functionality of this skill are entirely dependent on the trustworthiness and implementation of these external, undefined components. Without access to their source code or detailed specifications, it's impossible to assess potential vulnerabilities such as command injection, data exfiltration, or logical flaws within those tools. This introduces a significant supply chain risk, as a compromise in any of these underlying tools could impact the security of the `local-seo-audit` skill. Provide the source code or detailed security specifications for all referenced custom tools and skills. Implement a robust vetting process for all third-party or custom dependencies. Consider sandboxing or limiting the permissions of these tools if their full trust cannot be established, and ensure they adhere to secure coding practices, especially when handling user input or sensitive data.	Static	SKILL.md:10

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/115e7b05d8275ceb.svg)](https://skillshield.io/report/115e7b05d8275ceb)