Trust Assessment
google-web-search received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Potential for LLM Prompt Injection, Unpinned or Loosely Pinned Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| MEDIUM | Unpinned Python dependency version | Dependency 'google-genai>=1.50.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/theoseo/google-web-search/pyproject.toml |
| MEDIUM | Potential for LLM Prompt Injection | The `prompt` argument, which is user-controlled input, is directly passed to the `client.models.generate_content` method without any explicit sanitization or validation. This exposes the underlying Gemini model to prompt injection attacks, where a malicious user could craft input to manipulate the model's behavior, extract sensitive information (if the model has access to it), or steer its responses in unintended ways. While this is an inherent risk of interacting with LLMs, the skill does not implement any specific mitigations. Implement robust prompt sanitization, validation, or use LLM-specific guardrails if available. Consider using a separate, hardened prompt template that limits user input to specific slots, or employ techniques like input validation against known malicious patterns. Educate users on safe prompt engineering practices. | LLM | scripts/example.py:40 |
| INFO | Unpinned or Loosely Pinned Dependencies | The `pyproject.toml` and `requirements.txt` files specify dependencies with minimum version constraints (e.g., `google-genai>=1.50.0`, `pydantic-settings>=2.0.0`). While this ensures a minimum version, it allows for automatic updates to newer versions without explicit review. This can introduce supply chain risks if a future version of a dependency contains a breaking change, a new vulnerability, or malicious code. Exact pinning (e.g., `==1.50.0`) or the use of a lock file (e.g., `poetry.lock`, `pip freeze > requirements.txt`) is generally recommended for production environments to ensure deterministic builds and reduce unexpected changes. Pin all dependencies to exact versions (e.g., `package==X.Y.Z`) to ensure deterministic builds and prevent unexpected updates. Alternatively, use a dependency lock file (e.g., `poetry.lock` or `pip freeze > requirements.txt`) and ensure it is regularly updated and reviewed. | LLM | pyproject.toml:6 |