Trust Assessment
spring-boot-engineer received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Dynamic Content Loading for Guidance Poses Prompt Injection Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 3d5e297b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dynamic Content Loading for Guidance Poses Prompt Injection Risk The skill instructs the agent to load additional guidance from internal markdown files (e.g., `references/web.md`, `references/security.md`). While these files are internal to the skill package, they represent a vector for injecting instructions into the agent's context beyond the primary `SKILL.md`. If the content of these dynamically loaded files contains malicious instructions or prompt injection attempts, the agent could be manipulated to deviate from its intended purpose or perform unintended actions. The `references/*.md` files were not provided for analysis, so their specific content could not be assessed. Thoroughly review all `references/*.md` files for prompt injection attempts, malicious instructions, or content that could override the agent's core directives. Implement robust input sanitization and instruction filtering for any dynamically loaded content. Consider sandboxing the interpretation of loaded guidance to prevent it from overriding core instructions or executing privileged operations. | LLM | SKILL.md:33 |
Scan History
Embed Code
[](https://skillshield.io/report/4b4ac6198f98fe1a)
Powered by SkillShield