Trust Assessment
dsp received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Potential Prompt Injection via external file content, Risk of sensitive data exposure from external file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Prompt Injection via external file content The skill's execution flow explicitly states that it will "根据“柴山福产品资料.md”内容写短视频文案" (Write short video copy based on the content of "柴山福产品资料.md"). If the content of "柴山福产品资料.md" can be influenced or controlled by an untrusted source, an attacker could embed malicious instructions within this file. These instructions would then be fed to the underlying Large Language Model (LLM), potentially overriding its system prompts, extracting sensitive information, or performing unintended actions. Ensure that "柴山福产品资料.md" is a trusted, immutable, and securely managed file. If the file is intended to be dynamic or user-provided, implement strict sanitization and validation of its content before feeding it to the LLM. Consider using a dedicated prompt template that clearly separates user input from system instructions. | LLM | SKILL.md:16 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/zealiao/dsp/SKILL.md:1 | |
| MEDIUM | Risk of sensitive data exposure from external file The skill processes the content of "柴山福产品资料.md" to generate short video copy. If this file contains sensitive or confidential information, there is a risk that the LLM might inadvertently include or summarize this sensitive data in its output. This could lead to unauthorized disclosure if the generated output is accessible to untrusted parties. Implement data handling policies to ensure "柴山福产品资料.md" does not contain sensitive information that should not be exposed. If sensitive data is necessary, instruct the LLM explicitly to redact or generalize such information in its output. Ensure that the output channel for the generated content is secure and only accessible to authorized users. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/9be87d74bbafd9bd)
Powered by SkillShield