Trust Assessment
typescript-pro received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Skill instructs loading of local files".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 3d5e297b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Skill instructs loading of local files.** The skill explicitly instructs the LLM to load content from local files (e.g., `references/advanced-types.md`). If the LLM's file loading mechanism is not strictly sandboxed to the skill's own directory or a secure data store, this could lead to unauthorized file access or data exfiltration. An attacker might attempt to manipulate the LLM's context to load sensitive files if the file paths were not hardcoded or if the sandboxing was insufficient. **Recommendation:** Ensure the LLM's file loading mechanism is strictly sandboxed. It should only be able to access files explicitly defined within the skill's package and prevent path traversal (e.g., `../`). Implement robust validation and sanitization for any dynamic file paths, though in this case, the paths are hardcoded. | LLM | SKILL.md:39 |