Security Audit
Jamkris/everything-gemini-code:skills/design-system
github.com/Jamkris/everything-gemini-code
Trust Assessment
Jamkris/everything-gemini-code:skills/design-system received a trust score of 45/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Server-Side Request Forgery (SSRF) via URL parameter", and "Broad File System Read Access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 30, 2026 (commit 6c6f43aa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Server-Side Request Forgery (SSRF) via URL parameter.** The skill's `audit` mode explicitly accepts a `--url` parameter, allowing it to make network requests to arbitrary URLs. An attacker could exploit this to perform Server-Side Request Forgery (SSRF), accessing internal network resources (e.g., cloud metadata services, internal APIs), scanning internal ports, or exfiltrating data from services accessible from the agent's environment. The 'Research 3 competitor sites for inspiration (via browser MCP)' also indicates general network access capabilities that could be abused. **Remediation:** Implement strict URL validation to only allow access to approved external domains or specific internal endpoints. Ensure the agent runs in a highly sandboxed network environment with minimal internal access and egress filtering. | LLM | SKILL.md:56 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. **Remediation:** Add a 'name' field to the SKILL.md frontmatter. | Static | skills/design-system/SKILL.md:1 |
| MEDIUM | **Broad File System Read Access.** The 'Generate Design System' and 'Visual Audit' modes explicitly state the skill 'Analyzes your codebase' and provides 'fix with exact file:line'. This indicates the skill has read access to the local file system. If the agent's execution environment is not properly sandboxed, this broad access could allow the skill to read sensitive files outside the intended project scope (e.g., configuration files, private keys). While not directly an exfiltration vector on its own, combined with network access capabilities, it poses a significant risk. **Remediation:** Restrict file system access to only the necessary project directories using robust sandboxing mechanisms (e.g., chroot, containerization, or specific file system permissions). Avoid allowing the agent to read arbitrary paths or files outside the explicitly defined project scope. | LLM | SKILL.md:20 |