Trust Assessment
adcp-advertising received a trust score of 92/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include "Hardcoded test agent authentication token" and "Unpinned dependency in example code".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| MEDIUM | Hardcoded test agent authentication token | An authentication token for the public test agent (`https://test-agent.adcontextprotocol.org/mcp`) is hardcoded and exposed directly in the skill's documentation. While intended for testing, hardcoding credentials, even for test environments, is a security anti-pattern that can lead to misuse or set a precedent for exposing production credentials. The documentation also contains a contradictory statement 'No authentication needed for test agent' near the token. | Remove the hardcoded token from the documentation. If authentication is truly required for the test agent, instruct users on how to obtain or generate a temporary token, or use a mechanism that doesn't expose a fixed credential. If no authentication is needed, remove the 'Auth Token' line entirely to avoid confusion. | LLM | SKILL.md:270 |
| LOW | Unpinned dependency in example code | The example code imports `@adcp/client/testing` without specifying a version. In a real project, using unpinned dependencies can lead to unexpected behavior, breaking changes, or security vulnerabilities if a new version introduces malicious code. While this is an example in documentation, it's a good practice to highlight the importance of dependency pinning. | In actual project dependency configurations (e.g., `package.json`), always pin dependencies to specific versions or use strict version ranges to ensure build reproducibility and security. For documentation, consider adding a note about pinning dependencies in production environments. | LLM | SKILL.md:275 |