Trust Assessment
java-architect received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Skill instructs LLM to execute shell commands, Skill instructs LLM to load and interpret local files.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit e8be415b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill instructs LLM to execute shell commands The skill explicitly instructs the host LLM to execute shell commands (`./mvnw verify`, `./gradlew check`) as part of its workflow. If the LLM has the capability to execute shell commands based on skill instructions, this represents a direct command injection vulnerability. An attacker could potentially modify the skill to execute arbitrary commands on the host system. Rephrase instructions to describe the *expected outcome* or *user action* rather than directly instructing the LLM to *execute* shell commands. For example, 'Verify the project by running `mvnw verify` manually' or 'The project should pass `mvnw verify`'. | LLM | SKILL.md:20 | |
| MEDIUM | Skill instructs LLM to load and interpret local files The skill instructs the LLM to 'Load detailed guidance' from relative file paths (e.g., `references/spring-boot-setup.md`) and to 'identify untested branches via JaCoCo report (`target/site/jacoco/index.html`)'. This implies the LLM is expected to read and interpret content from local files within the skill's directory. If the LLM has file system access, this could lead to: 1. Prompt Injection: If the content of these loaded files can be manipulated to contain malicious instructions, they could influence the LLM's behavior. 2. Excessive Permissions: The LLM is implicitly granted read access to local files, which could be exploited if paths are not strictly controlled or if the LLM can be tricked into reading arbitrary files. Avoid instructing the LLM to load local files directly. Instead, provide the content of these reference files as part of the skill's prompt or use a secure mechanism for content retrieval. Ensure the LLM's file system access is strictly limited to necessary, whitelisted resources, and that it cannot interpret arbitrary file content as instructions. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/1dc278da49b333ba)
Powered by SkillShield