Security Audit
finishing-a-development-branch
github.com/guanyang/antigravity-skillsTrust Assessment
finishing-a-development-branch received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Pull Request Title.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 3e75fabd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Pull Request Title The skill instructs the LLM to create a GitHub Pull Request using `gh pr create --title "<title>"`. If the `<title>` placeholder is populated directly from user input or an LLM-generated string without proper shell escaping or sanitization, it could lead to command injection. An attacker could craft a malicious title containing shell metacharacters (e.g., `" --body "$(rm -rf /)"`) to execute arbitrary commands on the host system when the `gh pr create` command is run. The LLM should be explicitly instructed to sanitize or shell-escape any user-provided or dynamically generated input used for the `--title` argument of the `gh pr create` command. Alternatively, if the `gh` CLI offers a safer way to pass the title (e.g., via a file or a specific API that handles escaping), that method should be preferred. | Unknown | SKILL.md:80 |
Scan History
Embed Code
[](https://skillshield.io/report/25794fe5c36989f4)
Powered by SkillShield