Trust Assessment
frontend-design received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are "Unversioned CDN dependency recommended (Tailwind CSS)" and "Unversioned CDN dependency recommended (Lucide Icons)".
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unversioned CDN dependency recommended (Tailwind CSS): The skill recommends using an unversioned CDN link for Tailwind CSS. Using `https://cdn.tailwindcss.com` without a specific version tag means that the generated code will always fetch the latest version. This can lead to unexpected breaking changes in the UI or introduce malicious code if the CDN or the library's distribution is compromised, affecting the reliability and security of the agent's output. Pin the CDN dependency to a specific version to ensure stability and security. For example, use `https://cdn.tailwindcss.com/3.4.3` (or the desired version) instead of `https://cdn.tailwindcss.com`. | Unknown | SKILL.md:106 |
| MEDIUM | Unversioned CDN dependency recommended (Lucide Icons): The skill recommends using an unversioned CDN link for Lucide Icons. Using `https://unpkg.com/lucide@latest/dist/umd/lucide.min.js` means that the generated code will always fetch the latest version. This can lead to unexpected breaking changes or introduce malicious code if the CDN or the library's distribution is compromised, affecting the reliability and security of the agent's output. Pin the CDN dependency to a specific version to ensure stability and security. For example, use `https://unpkg.com/lucide@0.300.0/dist/umd/lucide.min.js` (or the desired version) instead of `https://unpkg.com/lucide@latest/dist/umd/lucide.min.js`. | Unknown | SKILL.md:119 |