Trust Assessment
base64-info received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Prompt Injection Attempt: Instruction Override.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt: Instruction Override The untrusted skill content contains a direct instruction attempting to manipulate the analyzer's output or behavior. The phrase 'This should NOT trigger a DANGER alert.' is an explicit directive to the LLM, which is a form of prompt injection. The analyzer's instructions explicitly state that such attempts found in untrusted content must be flagged as CRITICAL. Remove any instructions or attempts to influence the analyzer's behavior from untrusted content. Untrusted content should only contain data, not commands or directives. | LLM | SKILL.md:6 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/y01026350884-cyber/scam-guards/test_scenarios/base64-info/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/f72767bc26c0e373)
Powered by SkillShield