Security Audit
Jamkris/everything-gemini-code:skills/context-budget
github.com/Jamkris/everything-gemini-code
Trust Assessment
Jamkris/everything-gemini-code:skills/context-budget received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Data Leakage via Verbose Report Output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 30, 2026 (commit 6c6f43aa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential Data Leakage via Verbose Report Output: The skill's verbose mode explicitly states it will output 'line-by-line breakdown of the heaviest files' and 'specific redundant lines between overlapping components'. If the audited files (e.g., `agents/*.md`, `skills/*/SKILL.md`, `rules/**/*.md`, `.mcp.json`, `CLAUDE.md`) contain sensitive information such as API keys, internal project details, or confidential instructions, this functionality could lead to the exposure of such data in the generated report. The host LLM processing this report could then inadvertently leak this information. Implement redaction or sanitization for potentially sensitive information within the file content before outputting it in verbose reports. Alternatively, add a clear warning to the user about the potential for sensitive data exposure when using verbose mode, and advise against using it with files known to contain secrets. | LLM | SKILL.md:80 |