Security Audit
finishing-a-development-branch
github.com/guanyang/antigravity-skillsTrust Assessment
finishing-a-development-branch received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Pull Request Title.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 3e75fabd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Pull Request Title The skill instructs the LLM to create a GitHub Pull Request using `gh pr create --title "<title>"`. If the `<title>` placeholder is populated directly from user input or an LLM-generated string without proper shell escaping or sanitization, it could lead to command injection. An attacker could craft a malicious title containing shell metacharacters (e.g., `" --body "$(rm -rf /)"`) to execute arbitrary commands on the host system when the `gh pr create` command is run. The LLM should be explicitly instructed to sanitize or shell-escape any user-provided or dynamically generated input used for the `--title` argument of the `gh pr create` command. Alternatively, if the `gh` CLI offers a safer way to pass the title (e.g., via a file or a specific API that handles escaping), that method should be preferred. | LLM | SKILL.md:80 |
Scan History
Embed Code
[](https://skillshield.io/report/25794fe5c36989f4)
Powered by SkillShield