Trust Assessment
git-summary received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that Git remote URLs may expose credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Git remote URLs may expose credentials. The skill instructs the LLM to execute `git remote -v` and then to 'list remotes with URLs'. If a Git remote URL contains embedded credentials (e.g., `https://user:token@github.com/repo.git`), these credentials will be exposed in the output presented by the skill. Although the 'Notes' section advises against exposing tokens, the explicit instruction to list full URLs creates a direct path for data exfiltration. Recommendation: modify the instructions to explicitly filter or redact sensitive parts of remote URLs before presenting them. For example, instruct the LLM to parse the output of `git remote -v` and only show the remote name and a sanitized URL (e.g., replacing `user:token@` with `***:***@` or removing it entirely) or only the base URL without credentials. | LLM | SKILL.md:27 |