Trust Assessment
frankenstein received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Prompt Injection in Sub-Agent Task.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Prompt Injection in Sub-Agent Task: the skill describes spawning sub-agents using `sessions_spawn` with a `task` parameter that includes a `[topic]` placeholder. If this `[topic]` is derived directly from unsanitized user input (e.g., from the initial user request like 'Frankenstein me an SEO audit skill'), a malicious user could craft input to inject instructions into the sub-agent's prompt. This could lead to the sub-agent performing unintended actions, generating malicious code, or exfiltrating data during its analysis or synthesis tasks. Implement robust input sanitization and validation for any user-provided text that is incorporated into sub-agent prompts. Specifically, ensure `[topic]` is escaped or filtered to prevent it from being interpreted as instructions by the sub-agent LLM. Consider using a structured data format for sub-agent tasks instead of free-form text if possible. | LLM | SKILL.md:169 |