Trust Assessment
agentskills-io received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include an unpinned Git dependency for the 'skills-ref' tool and an unpinned Git dependency in the validation script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Unpinned Git dependency for 'skills-ref' tool | The skill instructs users to install and run the 'skills-ref' tool directly from a Git repository (`git+https://github.com/agentskills/agentskills#subdirectory=skills-ref`) without specifying a commit hash or tag. This means that any changes pushed to the default branch of the `agentskills/agentskills` repository would be immediately executed by users, posing a significant supply chain risk. A malicious actor compromising the upstream repository could inject arbitrary code. | Pin the Git dependency to a specific commit hash or version tag (e.g., `git+https://github.com/agentskills/agentskills@<commit_hash>#subdirectory=skills-ref` or `git+https://github.com/agentskills/agentskills@v1.0.0#subdirectory=skills-ref`). This ensures deterministic and auditable execution. | LLM | SKILL.md:38 |
| HIGH | Unpinned Git dependency in validation script | The `validate-skills-repo.sh` script executes the `skills-ref` tool using `uvx --from git+https://github.com/agentskills/agentskills#subdirectory=skills-ref`. Similar to the `SKILL.md` instructions, this command fetches and runs code directly from an unpinned Git repository. This introduces a supply chain risk where a compromised upstream repository could lead to arbitrary code execution during the validation process. | Pin the Git dependency to a specific commit hash or version tag (e.g., `git+https://github.com/agentskills/agentskills@<commit_hash>#subdirectory=skills-ref` or `git+https://github.com/agentskills/agentskills@v1.0.0#subdirectory=skills-ref`). This ensures deterministic and auditable execution. | LLM | scripts/validate-skills-repo.sh:23 |