Security Audit
ncklrs/startup-os-skills:skills/account-executive
github.com/ncklrs/startup-os-skillsTrust Assessment
ncklrs/startup-os-skills:skills/account-executive received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted content attempts to direct LLM's operational logic.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 10, 2026 (commit 91625964). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted content attempts to direct LLM's operational logic The skill's `SKILL.md` contains an instruction 'When invoked, apply the guidelines in `rules/` organized by: ...' which attempts to direct the host LLM to load and apply content from a specified (but hypothetical) directory structure. This is a prompt injection attempt, as the untrusted skill content is trying to dictate the LLM's internal processing or data retrieval mechanisms, rather than simply providing content for the LLM to process. Remove instructions that attempt to control the LLM's behavior or internal logic from untrusted skill content. Skill behavior should be defined by trusted manifest/code, not by user-provided markdown. | LLM | SKILL.md:18 |
Scan History
Embed Code
[](https://skillshield.io/report/8f083542be5fb1bd)
Powered by SkillShield