Trust Assessment
daily-news received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 4 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Unpinned Python dependency version", and "Potential Prompt Injection via External News Content".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Potential Prompt Injection via External News Content | The skill fetches news headlines from external, untrusted sources (Baidu, Google Trends) and is explicitly instructed in `SKILL.md` to 'Return the script's output directly as the final answer' to the host LLM. An attacker who can influence the content of these news sources (e.g., by publishing a malicious headline) could inject instructions or prompts into the LLM, potentially leading to unauthorized actions, data exfiltration, or manipulation of the LLM's behavior. Implement a sanitization or filtering step for the fetched news content before returning it to the LLM. Alternatively, instruct the LLM to summarize or extract specific information from the news rather than directly echoing the raw content. | LLM | SKILL.md:16 |
| HIGH | Unpinned Python Dependencies | The `requirements.txt` file specifies Python packages (`beautifulsoup4`, `requests`, `feedparser`) without pinning them to exact versions. This practice can lead to non-deterministic builds, installation of vulnerable package versions, or even malicious versions if a package maintainer's account is compromised or a typosquatting attack occurs. This introduces a significant supply chain risk. Pin all dependencies to exact versions (e.g., `beautifulsoup4==4.10.0`). Use a lock file (e.g., `pip freeze > requirements.lock`) or a tool like `pip-tools` to manage dependencies deterministically. | LLM | requirements.txt:1 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ym2760184260/daily-news/daily_news.py:2 |
| MEDIUM | Unpinned Python dependency version | Requirement 'beautifulsoup4' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ym2760184260/daily-news/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version | Requirement 'requests' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ym2760184260/daily-news/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version | Requirement 'feedparser' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ym2760184260/daily-news/requirements.txt:3 |