Trust Assessment
google-teneo received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unsanitized user input passed to agent for search query, Unpinned NPM dependencies in installation instructions, Direct use of sensitive private key from environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsanitized user input passed to agent for search query The `sendMessage` function, as demonstrated in the usage examples, passes user-provided `keyword` directly to the `@google` agent without explicit sanitization. If the `@google` agent is an LLM or if the underlying search service is vulnerable to query manipulation, this could lead to prompt injection. An attacker could craft malicious input in the `keyword` to manipulate the agent's behavior, extract sensitive information, or bypass intended functionality. Implement robust input sanitization and validation for the `keyword` argument before sending it to the agent. If the agent is LLM-based, consider using a structured input format or a dedicated prompt templating library to strictly separate user input from system instructions. | LLM | SKILL.md:100 | |
| HIGH | Direct use of sensitive private key from environment variables The skill requires an Ethereum private key to be stored in a `.env` file and directly passed to the `TeneoSDK` constructor. While necessary for the skill's payment functionality, storing high-value credentials like private keys in `.env` files and directly using them in application code carries a significant risk. If the `.env` file is accidentally committed to version control, or if the execution environment is compromised, the private key could be exposed, leading to unauthorized transactions and potential loss of funds. Advise users on best practices for securing private keys, such as using dedicated secret management services (e.g., AWS Secrets Manager, HashiCorp Vault), hardware security modules (HSMs), or environment variables managed by secure deployment pipelines, rather than directly in `.env` files for production. Emphasize never committing `.env` files to version control. For development, consider using a local key management solution or a testnet key. | LLM | SKILL.md:80 | |
| MEDIUM | Unpinned NPM dependencies in installation instructions The `npm install` command in the setup instructions recommends installing `@teneo-protocol/sdk` and `dotenv` without specifying exact versions. This practice can lead to non-deterministic builds and introduces a supply chain risk. If a future version of either package introduces a vulnerability or malicious code, it could be automatically installed, compromising the skill's security. Pin dependency versions in `package.json` (e.g., `^1.0.0` or `1.0.0`) and use `npm install` to install from `package-lock.json` for deterministic builds. For installation instructions, recommend `npm install --save-exact @teneo-protocol/sdk@X.Y.Z dotenv@A.B.C` or advise users to manage dependencies via `package.json`. | LLM | SKILL.md:75 |
Scan History
Embed Code
[](https://skillshield.io/report/769ad5ba0cf49798)
Powered by SkillShield