Trust Assessment
swift-concurrency received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Attempted Prompt Injection via 'Agent Behavior Contract' and Request for Broad Filesystem Read Access via `Read` and `Grep` Tools.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on May 1, 2026 (commit 0b6377a8). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Attempted Prompt Injection via 'Agent Behavior Contract': The skill package contains a section titled 'Agent Behavior Contract (Follow These Rules)' which attempts to dictate the behavior and operational guidelines of the host LLM. This is a direct attempt to inject instructions into the LLM's reasoning process from untrusted content, aiming to override or influence its primary directives. Remove or rephrase the 'Agent Behavior Contract' section. LLM instructions should be provided as part of the trusted system prompt or skill definition, not embedded within untrusted skill content. The skill's intended function should be described descriptively rather than prescriptively for the LLM. | LLM | SKILL.md:17 |
| MEDIUM | Request for Broad Filesystem Read Access via `Read` and `Grep` Tools: The skill explicitly instructs the agent to use `Read` on `Package.swift` and `Grep` for specific strings within `.pbxproj` files. While these actions are often necessary for code analysis skills, they imply that the agent requires broad filesystem read access within the user's project context. If the agent's `Read` and `Grep` tools are not strictly sandboxed or if the agent's output handling is not secure, this could lead to the unintended exposure or exfiltration of sensitive project configuration data. Ensure that the `Read` and `Grep` tools available to the agent are strictly sandboxed to the project directory and that the agent is designed to only extract and report specific, non-sensitive configuration details, rather than the full content of files. Implement strict output filtering for tool results to prevent accidental data leakage. | Static | SKILL.md:37 |