Trust Assessment
get-tldr received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Suspicious import: requests, Skill attempts to manipulate host LLM instructions, User-controlled log file path allows arbitrary file writes.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill attempts to manipulate host LLM instructions The `SKILL.md` file, which is explicitly marked as untrusted input, contains direct instructions for the host LLM on how to process the API response (e.g., 'IMPORTANT: The API response is already a summary; the skill must NOT further summarize or alter the content...'). This is an attempt to inject instructions into the host LLM's prompt, overriding its default behavior and potentially leading to unexpected or malicious actions by the LLM. Remove all instructions intended for the host LLM from the untrusted `SKILL.md` content. The skill's behavior should be defined by its code and manifest, not by instructions embedded in user-facing documentation or untrusted input. | LLM | SKILL.md:10 | |
| HIGH | User-controlled log file path allows arbitrary file writes The `get_tldr.py` script allows the `logfile` path to be configured via `~/.config/get-tldr/config.json`. The path is expanded using `os.path.expanduser()`. An attacker who can modify this configuration file could specify an arbitrary file path, potentially leading to writing sensitive summary data (URLs and their summaries) to an attacker-controlled location, overwriting critical system files, or filling up disk space. This constitutes both a data exfiltration risk (if the path is accessible to an attacker) and an excessive permission risk (arbitrary file write). Restrict the `logfile` path to a predefined, secure directory (e.g., within the skill's own data directory or a dedicated log directory) and sanitize any user-provided path components to prevent directory traversal attacks. Do not allow arbitrary paths. | LLM | get_tldr.py:27 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/itobey/get-tldr/get_tldr.py:16 | |
| MEDIUM | Unpinned `requests` dependency introduces supply chain risk The `get_tldr.py` script imports the `requests` library without specifying a version. This means that any future installation or update of the skill could pull in a new version of `requests` that might introduce breaking changes, new vulnerabilities, or unexpected behavior. This lack of version pinning makes the skill susceptible to supply chain attacks or unexpected failures. Specify a pinned version or a version range for the `requests` library in a `requirements.txt` file or similar dependency management mechanism. For example, `requests==2.28.1`. | LLM | get_tldr.py:10 |
Scan History
Embed Code
[](https://skillshield.io/report/043382c92a186ec2)
Powered by SkillShield