Trust Assessment
azure-auth received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Potential Token Exfiltration via localStorage.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Potential Token Exfiltration via localStorage: The MSAL configuration uses `localStorage` for caching authentication state and tokens. While common in Single Page Applications (SPAs), `localStorage` is vulnerable to Cross-Site Scripting (XSS) attacks. If an XSS vulnerability exists in the host application, an attacker could access and exfiltrate tokens stored in `localStorage`, leading to session hijacking or unauthorized access. The skill itself notes `sessionStorage` as an alternative. Consider using `sessionStorage` instead of `localStorage` for token caching, as `sessionStorage` is cleared when the tab is closed, reducing the window of opportunity for XSS-based token theft. Alternatively, ensure robust XSS protection mechanisms are in place across the entire application to prevent token access. For highly sensitive applications, explore server-side token storage or HttpOnly cookies if applicable to your architecture. | LLM | templates/msal-config.ts:29 |