Trust Assessment
api-gateway received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is an AWS CLI command that retrieves an API key's secret value.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit e9e01ada). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | AWS CLI command to retrieve API key secret value: The skill documentation includes an AWS CLI command `aws apigateway get-api-key --api-key abc123 --include-value` as part of its troubleshooting section. This command, when executed with a valid API key ID, directly retrieves and displays the secret value of the API key. If an AI agent is prompted to debug an API key and is provided with an API key ID, it might execute this command, leading to credential harvesting and data exfiltration if the agent's output is logged or accessible. Implement strict policies to prevent AI agents from executing commands that retrieve sensitive credentials, especially those with `--include-value` or similar flags. Agents should be trained to redact or avoid displaying such output. From the skill's perspective, consider removing the `--include-value` flag from the example if the intent is to check API key metadata without exposing the secret. If retrieval is necessary for debugging, add a strong warning about the security implications and advise against using it in production or logging environments. | Unknown | SKILL.md:200 |