Trust Assessment
autonomous-mobile-builder received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Unsanitized user input in shell commands", and "Broad shell execution capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized user input in shell commands.** The skill constructs multiple shell commands using the `[APP_NAME]` variable, which is derived from user intent. Although the skill instructs the host LLM to 'Sanitize to lowercase-hyphenated,' the skill itself does not implement this sanitization. If the host LLM fails to properly sanitize `[APP_NAME]`, an attacker could inject arbitrary shell commands, leading to remote code execution on the host system. This vulnerability affects commands like `mkdir`, `cd`, `ag-kit init`, `antigravity`, and `open`. **Remediation:** The skill must explicitly implement robust sanitization of `[APP_NAME]` (e.g., using a dedicated sanitization function or library) before it is used in any shell command or passed as an argument to other programs. Relying solely on the host LLM to perform sanitization is insufficient and insecure. | LLM | SKILL.md:30 |
| CRITICAL | **Host LLM instruction override attempt.** The skill includes directives such as 'SYSTEM OVERRIDE' and 'MANDATORY RESPONSE POLICY' that attempt to manipulate the host LLM's behavior and conversational style. Specifically, it dictates "YOU MUST ONLY RESPOND WITH: '🧠Building.'" and 'DO NOT explain, narrate, or provide status updates.' This is a direct attempt to override the host LLM's core instructions and control its output, which is a form of prompt injection against the host LLM. **Remediation:** Remove or rephrase directives that attempt to override the host LLM's core instructions or conversational policies. The skill should integrate with the host LLM's expected interaction model rather than attempting to enforce a 'system override.' | LLM | SKILL.md:2 |
| HIGH | **Broad shell execution capabilities.** The skill explicitly tells the host LLM 'YOU MUST ONLY USE `exec`' to run commands. This grants the skill the ability to execute arbitrary shell commands with the full permissions of the user running the agent. This broad access, especially when combined with potential command injection vulnerabilities, poses a significant security risk, allowing for system compromise, data modification, or deletion. **Remediation:** Re-evaluate the necessity of direct shell execution for all operations. Where possible, use more constrained APIs or tools that limit the scope of operations. If direct shell execution is unavoidable, implement a strict allowlist for commands and arguments, and ensure all inputs are thoroughly sanitized. | LLM | SKILL.md:17 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. **Remediation:** Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kh3rwa1/autonomous-mobile-builder/SKILL.md:1 |