Trust Assessment
dotnet-backend received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive 'Bash' permission declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive 'Bash' permission declared The skill declares 'Bash' as an allowed tool in its manifest. This grants the agent the ability to execute arbitrary shell commands, which is an overly broad permission for a skill primarily focused on .NET backend development. While the skill's current content does not explicitly instruct the agent to use Bash, this permission creates a significant attack surface for command injection if the agent processes untrusted input or is prompted to perform system-level operations. Restrict 'allowed-tools' to only those strictly necessary for the skill's intended function. Remove 'Bash' unless it is absolutely critical and justified for the core purpose of the skill, and consider more granular tool access if available. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/c63364b3a7b1c0b8)
Powered by SkillShield