Trust Assessment
arya-reminders received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "User input embedded in agent instruction payload".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | User input embedded in agent instruction payload. The skill embeds user-provided message content (`args.message`) directly into a `message` field within the cron job payload. This payload is designed to be processed by the host LLM/agent when the cron job triggers. A malicious user could craft `args.message` to include prompt injection instructions, manipulating the agent's behavior (e.g., sending arbitrary messages, performing unauthorized actions). The instruction "No hagas preguntas" (Do not ask questions) further attempts to bypass agent safeguards, increasing the severity of this vulnerability. Implement robust input sanitization or escaping for `args.message` before embedding it into the agent's instruction payload. A more secure approach is to redesign the payload to pass the user message as structured data rather than as part of a natural language instruction to the agent. For example, use a dedicated data field for the reminder text and a separate, fixed instruction for the agent to 'send the reminder text to the user'. | LLM | schedule_cron.py:30 |