Security Audit

frontend-design

github.com/jdrhyne/agent-skills

AI SkillCommit 0676c56a8ab1

TRUSTED

Scanned 9 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

frontend-design received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unpinned CDN dependency for Tailwind CSS, Unpinned CDN dependency for Lucide icons.

The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

86%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
MEDIUM	Unpinned CDN dependency for Tailwind CSS The skill suggests using a CDN link for Tailwind CSS that fetches the 'latest' version. Relying on unpinned 'latest' versions from a CDN can introduce supply chain risks, as a malicious update to the library or a compromise of the CDN could lead to the injection of harmful code into generated outputs if the agent uses this link. Pin the version of the CDN-hosted library to a specific, known-good version (e.g., `https://cdn.tailwindcss.com/3.4.3`) to ensure deterministic and secure dependency resolution.	Unknown	SKILL.md:99
MEDIUM	Unpinned CDN dependency for Lucide icons The skill suggests using a CDN link for Lucide icons that fetches the 'latest' version. Relying on unpinned 'latest' versions from a CDN can introduce supply chain risks, as a malicious update to the library or a compromise of the CDN could lead to the injection of harmful code into generated outputs if the agent uses this link. Pin the version of the CDN-hosted library to a specific, known-good version (e.g., `https://unpkg.com/lucide@0.303.0/dist/umd/lucide.min.js`) to ensure deterministic and secure dependency resolution.	Unknown	SKILL.md:109

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/e6edfbf3d62c7e9f.svg)](https://skillshield.io/report/e6edfbf3d62c7e9f)