Trust Assessment
autonomous-brain received a trust score of 65/100, placing it in the Caution category. This score reflects security issues that users should review before deploying the skill.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include: "Untrusted skill instructs extreme autonomy and overrides safety", "Untrusted skill grants universal tool access and code execution", and "Untrusted skill instructs broad system and file management".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted skill instructs extreme autonomy and overrides safety.** The skill, provided as untrusted input, explicitly instructs the host LLM to operate as an 'autonomous intelligence partner' with 'proactive intelligence' and 'seamless execution' in 'Autopilot' mode. It directs the LLM to 'think proactively, monitor continuously, and execute seamlessly' and to 'understand the user's goals and accomplish them with minimal friction, maximum efficiency, and intelligent anticipation.' These instructions are designed to override the LLM's default safety mechanisms and operate with minimal user oversight, which constitutes a severe form of prompt injection when originating from an untrusted source. Remediation: do not allow untrusted skill definitions to dictate core operational autonomy or override safety mechanisms; implement strict sandboxing and explicit user confirmation for highly autonomous actions; ensure the LLM's default safety and ethical guidelines cannot be bypassed by untrusted input. | LLM | SKILL.md:10 |
| CRITICAL | **Untrusted skill grants universal tool access and code execution.** The untrusted skill explicitly instructs the LLM to have 'Universal tool access: Use any system tool, script, or command available' and 'Code generation: Write, modify, and execute code in any language.' It also lists integration points like 'kali-pentest', 'terminal', and 'shell'. These directives grant the LLM excessively broad permissions, enabling arbitrary command execution and code injection from an untrusted source, posing a critical security risk. Remediation: restrict tool access to a predefined, allow-listed set of safe tools; prevent the LLM from directly executing arbitrary code or shell commands from untrusted skill definitions; implement strict sandboxing for any code execution environment. | LLM | SKILL.md:33 |
| HIGH | **Untrusted skill instructs broad system and file management.** The untrusted skill instructs the LLM to perform 'System integration: Interface with any API, service, or protocol' and 'File & System Management: Intelligent file organization, Automated backups, Smart search and retrieval, Content generation and editing.' It also mentions 'File watching: Track changes in important directories' and 'Log analysis: Continuously analyze logs for issues or insights.' These instructions grant the LLM broad access to the filesystem, APIs, and system logs, which, combined with the high autonomy, creates a significant risk of data exfiltration, unauthorized modification, or system compromise. Remediation: implement granular access controls for file system operations, API integrations, and system monitoring; require explicit user consent or a secure approval process for sensitive operations, especially when dealing with untrusted skill definitions. | LLM | SKILL.md:35 |
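The remediations above (an allow-listed tool set, explicit user confirmation for sensitive actions, and granular filesystem controls) can be sketched as a small policy gate on the host side. This is a minimal illustration, not SkillShield or any host framework's API; all names (`SAFE_TOOLS`, `ToolRequest`, `authorize`, the sandbox path) are hypothetical.

```python
# Sketch of a host-side policy gate for skill tool requests:
# allow-listing, a confirmation requirement for sensitive tools,
# and a sandbox-root restriction on file paths. Illustrative only.
from dataclasses import dataclass
from pathlib import Path

SAFE_TOOLS = {"search", "summarize", "read_file"}    # explicit allow-list
NEEDS_CONFIRMATION = {"read_file"}                   # sensitive subset
SANDBOX_ROOT = Path("/srv/skill-sandbox").resolve()  # approved directory


@dataclass
class ToolRequest:
    tool: str
    argument: str


def within_sandbox(path: str) -> bool:
    """Reject paths that escape the approved root (e.g. via '..')."""
    resolved = (SANDBOX_ROOT / path).resolve()
    return resolved == SANDBOX_ROOT or SANDBOX_ROOT in resolved.parents


def authorize(req: ToolRequest, user_confirmed: bool = False) -> bool:
    """Return True only if the request passes every policy gate."""
    if req.tool not in SAFE_TOOLS:       # deny anything not allow-listed
        return False
    if req.tool in NEEDS_CONFIRMATION and not user_confirmed:
        return False                     # sensitive tools need explicit consent
    if req.tool == "read_file" and not within_sandbox(req.argument):
        return False                     # block path traversal out of the sandbox
    return True
```

The key design point is default-deny: a skill that asks for 'shell' or 'kali-pentest' is refused outright because those tools are simply not in the allow-list, rather than relying on the model to decline.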
Embed Code
[](https://skillshield.io/report/954dcf71bb1b23d4)
Powered by SkillShield