Trust Assessment
character-creator received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include User input directly injected into image generation prompt, Unsanitized user input embedded in local HTML files (XSS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | User input directly injected into image generation prompt The skill constructs prompts for the `fal-ai/bytedance/seedream/v4.5/text-to-image` model by directly incorporating user-provided character descriptions (`[详细角色描述]`, `[基础角色描述]`). An attacker could craft malicious instructions within their character description to manipulate the image generation model's behavior, potentially leading to unintended image content, resource exhaustion, or other undesirable outcomes. Implement robust sanitization and validation of user input before incorporating it into prompts for downstream models. Consider using a structured prompt template that strictly separates user input from model instructions, or escape special characters that could be interpreted as instructions by the image generation model. | LLM | SKILL.md:27 | |
| HIGH | Unsanitized user input embedded in local HTML files (XSS) The skill generates local HTML files (`character-portrait.html`, `character-gallery.html`) that embed user-controlled content such as `{{CHARACTER_NAME}}` and `{{CHARACTER_DESCRIPTION}}`. If these values are not properly sanitized before insertion, a malicious user could inject arbitrary HTML or JavaScript. When these local files are opened in a browser, the injected scripts could execute, potentially leading to local file access (if browser security policies allow), data exfiltration, or other client-side attacks. Before embedding any user-provided or user-derived text into HTML output, ensure it is properly HTML-escaped. This prevents the browser from interpreting user input as executable code or markup. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/cfbdfc76848c24cc)
Powered by SkillShield