Trust Assessment
daily-ai-news received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is "Unvalidated URLs from WebSearch passed to webReader".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unvalidated URLs from WebSearch passed to webReader. The skill describes a workflow where URLs are extracted from `WebSearch` results and then passed to the `mcp__web_reader__webReader` tool to fetch full article content. The description does not include any explicit steps for validating or sanitizing these URLs before fetching. This lack of validation could allow malicious actors to poison search results, directing the `webReader` to malicious websites. Potential risks include Server-Side Request Forgery (SSRF) if the agent's network allows internal access, fetching content designed to exploit vulnerabilities in the `webReader` tool, or influencing the LLM with deceptive information from compromised sites. Implement robust URL validation and sanitization before passing URLs from `WebSearch` results to `mcp__web_reader__webReader`. This should include checking for known malicious domains, ensuring URLs adhere to expected schemes (e.g., http/https), and potentially restricting access to internal network ranges. Consider sandboxing the `webReader` tool to limit its network reach. | LLM | SKILL.md:71 |