Trust Assessment
content-ideas-generator received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The finding is a potential SSRF via the `web_fetch` tool with a user-provided URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential SSRF via web_fetch tool with user-provided URL. The skill explicitly instructs the agent to use a `web_fetch` tool to retrieve content from a user-provided URL. If the `web_fetch` tool is not adequately sandboxed or protected against Server-Side Request Forgery (SSRF) attacks, a malicious user could provide a URL pointing to internal network resources (e.g., `http://localhost:8080/admin`) or local files (e.g., `file:///etc/passwd`), leading to data exfiltration, internal network reconnaissance, or other unauthorized access. Ensure the `web_fetch` tool is strictly sandboxed to prevent access to local files (e.g., `file://` scheme) and internal network addresses (e.g., private IP ranges, `localhost`). Implement robust URL validation and sanitization to block suspicious schemes or hosts. Consider using an allow-list for domains if possible, or at minimum, a deny-list for known dangerous patterns. | LLM | SKILL.md:47 |