Trust Assessment
executing-plans received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Reporting of Plan File Contents.
The analysis covered 4 layers: llm_behavioral_safety, manifest_analysis, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit a98c5dfc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential Data Exfiltration via Reporting of Plan File Contents The skill instructs the AI agent to 'Read plan file' (Step 1) and subsequently to 'Show what was implemented' and 'Show verification output' (Step 3). If the 'plan file' contains sensitive user data, credentials, or confidential information, the agent's reporting of 'what was implemented' or 'verification output' could inadvertently include and exfiltrate parts of this sensitive data. The skill does not include any explicit instructions for redacting or filtering sensitive information from these reports. Add explicit instructions for the agent to redact or filter sensitive information from its reports, especially when reporting on the contents or outcomes derived from the 'plan file'. For example, 'When reporting, ensure no sensitive details from the plan file or execution environment are included unless explicitly requested by the user.' or 'Only report high-level summaries of implementation, avoid quoting sensitive plan details.' | Unknown | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/2f86e8d5610ab5c2)
Powered by SkillShield