Security Audit

frontend-design

github.com/jdrhyne/agent-skills

AI SkillCommit 0676c56a8ab1

TRUSTED

Scanned 9 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

frontend-design received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unversioned CDN dependency recommended (Tailwind CSS), Unversioned CDN dependency recommended (Lucide Icons).

The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

86%

Behavioral Risk Signals

Network Access

2 findings

Security Findings2

Severity	Finding	Layer	Location
MEDIUM	Unversioned CDN dependency recommended (Tailwind CSS) The skill recommends using an unversioned CDN link for Tailwind CSS. Using `https://cdn.tailwindcss.com` without a specific version tag means that the generated code will always fetch the latest version. This can lead to unexpected breaking changes in the UI or introduce malicious code if the CDN or the library's distribution is compromised, affecting the reliability and security of the agent's output. Pin the CDN dependency to a specific version to ensure stability and security. For example, use `https://cdn.tailwindcss.com/3.4.3` (or the desired version) instead of `https://cdn.tailwindcss.com`.	Unknown	SKILL.md:106
MEDIUM	Unversioned CDN dependency recommended (Lucide Icons) The skill recommends using an unversioned CDN link for Lucide Icons. Using `https://unpkg.com/lucide@latest/dist/umd/lucide.min.js` means that the generated code will always fetch the latest version. This can lead to unexpected breaking changes or introduce malicious code if the CDN or the library's distribution is compromised, affecting the reliability and security of the agent's output. Pin the CDN dependency to a specific version to ensure stability and security. For example, use `https://unpkg.com/lucide@0.300.0/dist/umd/lucide.min.js` (or the desired version) instead of `https://unpkg.com/lucide@latest/dist/umd/lucide.min.js`.	Unknown	SKILL.md:119

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/fa94136df0cfba52.svg)](https://skillshield.io/report/fa94136df0cfba52)