Trust Assessment
rust-engineer received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Skill promotes code patterns vulnerable to data exfiltration, Skill instructs LLM to load external files, potential for path manipulation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit e8be415b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill promotes code patterns vulnerable to data exfiltration The skill provides Rust code examples that, if implemented by the LLM without proper input validation, could lead to data exfiltration. Specifically, the `read_config` function demonstrates reading arbitrary file paths (`std::fs::read_to_string(path)`), and the `fetch_data` function demonstrates making arbitrary network requests (`reqwest::get(url)`). If the `path` or `url` arguments are derived from untrusted user input when the LLM generates or processes code, an attacker could read sensitive files from the host system or exfiltrate data to external, attacker-controlled servers. Instruct the LLM to always sanitize and validate any user-provided input before using it as a file path or URL in generated code. For file paths, restrict access to specific directories or use a virtual file system. For URLs, validate against an allow-list of domains or ensure they point to trusted resources. The skill definition itself could include explicit warnings or 'MUST NOT DO' rules regarding untrusted input for these functions. | LLM | SKILL.md:90 | |
| MEDIUM | Skill instructs LLM to load external files, potential for path manipulation The 'Reference Guide' section instructs the LLM to 'Load detailed guidance based on context' from specific markdown files (e.g., `references/ownership.md`). If the LLM's internal mechanism for loading these references can be influenced by untrusted user input (e.g., by manipulating the 'Topic' or 'Load When' conditions to point to an arbitrary file path), it could lead to the LLM reading and processing arbitrary files from the file system. This could result in data exfiltration or prompt injection if the loaded content is then interpreted as instructions. Ensure that the LLM's file loading mechanism for 'Reference Guide' content strictly enforces an allow-list of paths or uses a secure, sandboxed method that prevents arbitrary file access. The skill definition should explicitly state that only the predefined reference paths are to be loaded, and no user input should influence the file path used for loading references. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/4125f86b5ca8a2cb)
Powered by SkillShield