Trust Assessment
daily-recap received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is an unpinned skill dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned skill dependency. The skill `daily-recap` declares a dependency on `nano-banana-pro` in its manifest but does not specify a version. This allows for automatic updates to potentially incompatible or malicious versions of the dependency, introducing supply chain risks. An attacker could introduce malicious code into a new version of `nano-banana-pro`, which would then be automatically pulled and executed by `daily-recap` without explicit review. Pin the dependency `nano-banana-pro` to a specific version or version range (e.g., `"nano-banana-pro": "1.2.3"` or `"nano-banana-pro": "^1.0.0"`) in the skill's manifest to ensure stability and prevent unexpected or malicious changes from upstream. | LLM | SKILL.md:1 |