Trust Assessment
arya-reminders received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "User input embedded in agent instructions for cron job message."
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **User input embedded in agent instructions for cron job message.** The `schedule_cron.py` script constructs a message for an `agentTurn` payload. This message combines a hardcoded instruction for the agent ("Envía este recordatorio por Telegram. No hagas preguntas.") with user-provided content (`args.message`). If the agent's underlying LLM processes this combined string, a malicious user could craft `args.message` to override or manipulate the agent's behavior, leading to unintended actions or information disclosure. Separate agent instructions from user-provided content. The agent should be explicitly instructed to *deliver* the user's message, rather than having the user's message be part of the agent's instruction string. For example, the `payload` could have separate fields for `agent_instruction` and `user_content_to_deliver`, or the agent should be designed to treat the `message` field as literal content for delivery, not as instructions. If the agent *must* interpret the message, then the user content should be enclosed in clear delimiters (e.g., XML tags, JSON blocks) that the LLM is trained to ignore for instruction purposes. | LLM | schedule_cron.py:30 |