Trust Assessment
doc-coauthoring received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are Broad Read Access to User-Provided Files/Links and Unrestricted File Creation in Working Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad Read Access to User-Provided Files/Links. The skill instructs the agent to read content from user-provided links and files, and to use integrations to pull context from various external services (Slack, Google Drive, etc.). If the agent is granted broad read permissions to the filesystem or external integrations, a malicious user could provide links or file paths pointing to sensitive internal data, leading to data exfiltration. The skill explicitly states 'If they provide a link to a shared document, use the appropriate integration to fetch it' and 'If they provide a file, read it'. Implement strict sandboxing for file and integration access. Validate all user-provided links and file paths to prevent access to unauthorized resources. Ensure integrations only access explicitly permitted scopes and data. Consider a whitelist approach for allowed domains/file types. | LLM | SKILL.md:40 |
| HIGH | Unrestricted File Creation in Working Directory. The skill instructs the agent to create files in the 'working directory' using `create_file`. If the agent's working directory is not sufficiently sandboxed, or if the filename can be influenced by untrusted user input (e.g., through path traversal characters in the document name), this could lead to arbitrary file creation, overwriting critical system files, or placing malicious scripts in executable paths. The skill states 'Use `create_file` to create an artifact.' and 'Create a markdown file in the working directory. Name it appropriately (e.g., `decision-doc.md`, `technical-spec.md`).' Implement strict sandboxing for file creation, restricting it to a dedicated, isolated, and non-executable directory. Sanitize all user-influenced filenames to prevent path traversal (`../`) or special characters. Ensure that the `create_file` tool itself enforces these restrictions. | LLM | SKILL.md:146 |