Trust Assessment
cloudflare-gen received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Direct Prompt Injection via User Input, Unpinned Dependencies in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct Prompt Injection via User Input The user-provided 'description' is directly interpolated into the LLM's 'user' message without any sanitization or escaping. This allows an attacker to manipulate the LLM's behavior, override system instructions, or extract sensitive information, including the system prompt itself. For example, a malicious 'description' could instruct the LLM to ignore its primary task and instead reveal its internal instructions or generate harmful content. Implement robust input validation and sanitization for user-provided descriptions. Consider using techniques like prompt templating with strict variable insertion, or a separate LLM call to validate/sanitize user input before it's passed to the main generation prompt. Ensure the LLM's system prompt is robust against adversarial instructions. | LLM | src/index.ts:9 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/cloudflare-config/package.json | |
| LOW | Unpinned Dependencies in package.json The `package.json` file specifies dependencies using caret ranges (e.g., `^12.1.0`), which allows for automatic updates to new minor or patch versions. While a `package-lock.json` is present to pin exact versions for reproducible builds, relying solely on `package.json` (e.g., in environments where the lockfile is not used or is outdated) could lead to unexpected dependency versions being installed. This introduces a minor supply chain risk as new versions could potentially contain vulnerabilities or breaking changes not present in the originally tested versions. Consider pinning exact versions for all production dependencies in `package.json` to ensure consistent builds across all environments. Alternatively, ensure that `package-lock.json` is always used for dependency installation (e.g., `npm ci` or `npm install --frozen-lockfile`). Regularly audit dependencies for known vulnerabilities. | LLM | package.json:10 |
Scan History
Embed Code
[](https://skillshield.io/report/01e6145ada906f9d)
Powered by SkillShield