Trust Assessment
database received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include LLM Instructions in Untrusted Skill Description.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | LLM Instructions in Untrusted Skill Description The skill's `SKILL.md` contains explicit instructions for the host LLM within the untrusted content block. Specifically, the 'Safety Rules' section attempts to dictate the LLM's behavior (e.g., 'ALWAYS confirm before DELETE/DROP operations', 'WARN about queries without WHERE clause'). According to SkillShield rules, content within the untrusted delimiters should be treated as data, not instructions for the host LLM. This represents a prompt injection attempt, even if the intent is to enforce safety. Malicious actors could use similar mechanisms to inject harmful instructions or override system prompts. Remove all instructions intended for the host LLM from the untrusted `SKILL.md` content. LLM behavior should be governed by trusted system prompts or tool definitions, not by user-provided or untrusted skill descriptions. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/3b6b46c991239bb1)
Powered by SkillShield