Trust Assessment
book-brake-service received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill defines tool handling Personally Identifiable Information (PII).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill defines tool handling Personally Identifiable Information (PII) The `create_booking` tool is designed to accept sensitive Personally Identifiable Information (PII) including `customerName`, `customerEmail`, and `customerPhone`. While these parameters are necessary for the tool's intended booking functionality, this capability introduces a data exfiltration risk. A malicious prompt could induce the LLM to extract and transmit user PII to this tool, or vulnerabilities in the tool's backend implementation could lead to unauthorized data leakage. Ensure strict controls on how the LLM collects and passes PII to this tool, preventing unauthorized data extraction or transmission. Implement robust data validation, sanitization, and access controls within the `create_booking` tool's backend to protect sensitive user data. Adhere to data minimization principles, only collecting necessary information. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/899ad6c5a88a7d44)
Powered by SkillShield