Trust Assessment
glab-milestone received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill exposes tool with broad repository access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill exposes tool with broad repository access The `glab milestone` skill exposes the `glab` command-line tool, which includes the `-R --repo` flag. This flag allows specifying an arbitrary GitLab repository (e.g., `OWNER/REPO` or full URL). If the underlying `glab` configuration has broad permissions (e.g., a Personal Access Token with `api` scope), an LLM using this skill could be directed to perform actions (create, delete, edit milestones) on any repository accessible by those credentials, potentially exceeding the user's intended scope for the current task. Implement strict input validation and allow-listing for repository names when the LLM invokes `glab`. Ensure `glab` is configured with the principle of least privilege. Consider sandboxing the execution environment or requiring explicit user confirmation for actions on sensitive or unapproved repositories. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/e67a7ff06d49b2d2)
Powered by SkillShield