Trust Assessment
add-watermark-to-pdf received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'create_job' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/crossservicesolutions/add-watermark-to-pdf/scripts/add-watermark-to-pdf.py:65 | |
| HIGH | Sensitive watermark text unconditionally returned in output The `SKILL.md` explicitly states that the `watermark_text` should be "returned only if safe; do not return if user considers it sensitive". However, the Python script `scripts/add-watermark-to-pdf.py` unconditionally includes the `watermark_text` (from `args.text`) in the final JSON output dictionary. If the user provides sensitive information as the watermark text, this information will be exposed in the skill's output, violating the stated security guideline. Modify the script to conditionally include `watermark_text` in the output based on a user-controlled flag or a clear indication of sensitivity. Alternatively, remove `watermark_text` from the output entirely if it's always considered potentially sensitive. | LLM | scripts/add-watermark-to-pdf.py:240 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/crossservicesolutions/add-watermark-to-pdf/scripts/add-watermark-to-pdf.py:27 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.32.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/crossservicesolutions/add-watermark-to-pdf/requirements.txt:1 | |
| INFO | Instruction within untrusted content The `SKILL.md` file, which is part of the untrusted input, contains an explicit instruction intended for the developer or LLM: "**Rule:** never echo or log the API key." While this specific instruction is security-positive, any directive embedded within untrusted content violates the principle of treating such content as data, not commands. This could be a vector for malicious prompt injection if the instruction were different. Remove any instructions or directives intended for the LLM or developer from untrusted content. If a security guideline is needed, it should be part of the trusted skill definition or documentation outside the untrusted input. | LLM | SKILL.md:25 |
Scan History
Embed Code
[](https://skillshield.io/report/60977cc03b29a0f7)
Powered by SkillShield