Trust Assessment
chilledsites received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unauthenticated Account Creation via Agent Manipulation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unauthenticated Account Creation via Agent Manipulation: The `agent-signup` endpoint allows for the creation of a new ChilledSites account and generation of API keys without requiring prior authentication. An attacker could potentially manipulate the AI agent (via prompt injection) to call this endpoint with an email address controlled by the attacker. This would result in the attacker gaining access to a new ChilledSites account and its associated free tokens, effectively using the agent's execution context to harvest new service credentials and abuse resources. Implement robust input validation and user confirmation for sensitive actions like account creation, especially when the input (like email) is derived from untrusted user prompts. Consider requiring explicit user consent or a pre-registered email for agent-initiated sign-ups. Alternatively, the skill should be designed to only use pre-existing, securely stored credentials and not initiate new account creation based on agent prompts. | LLM | SKILL.md:29 |