Trust Assessment
google-ads received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Credential exposure via cat command on configuration file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Credential exposure via cat command on configuration file The skill instructions suggest running `cat ~/.google-ads.yaml` to check the configuration. This command outputs the entire configuration file, which contains sensitive credentials (developer token, client ID, client secret, refresh token), to the terminal standard output. This can expose secrets in terminal logs, shell history, or LLM conversation history. Avoid printing the entire configuration file. Instead, verify the file's existence and permissions, or check for the presence of required keys programmatically without printing their values. | LLM | SKILL.md:79 |
Scan History
Embed Code
[](https://skillshield.io/report/d824fa3c2d499dca)
Powered by SkillShield