Trust Assessment
hvac-estimate-takeoff received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Untrusted PDF content directly fed to LLM output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted PDF content directly fed to LLM output The skill processes user-provided PDF files and extracts their text content into markdown and JSON formats. This extracted content is then written to files (output.md, output.json, tables.json) which are likely consumed by a downstream LLM. A malicious PDF could contain prompt injection payloads, allowing an attacker to manipulate the host LLM by embedding instructions within the PDF's text. The skill's manifest explicitly states 'output: table', indicating the extracted data is intended for further processing, likely by an LLM. Implement sanitization or filtering of extracted text before feeding it to an LLM. This could involve stripping specific keywords, using a separate LLM to filter prompts, or converting text to a format less susceptible to injection (e.g., image representation). Clearly define trust boundaries for LLM inputs and consider if raw text extraction is appropriate for untrusted sources. | LLM | scripts/pymupdf_parse.py:49 | |
| HIGH | Untrusted PDF content directly fed to LLM output The skill processes user-provided PDF files and extracts their text content into markdown and JSON formats. This extracted content is then written to files (output.md, output.json, tables.json) which are likely consumed by a downstream LLM. A malicious PDF could contain prompt injection payloads, allowing an attacker to manipulate the host LLM by embedding instructions within the PDF's text. The skill's manifest explicitly states 'output: table', indicating the extracted data is intended for further processing, likely by an LLM. Implement sanitization or filtering of extracted text before feeding it to an LLM. This could involve stripping specific keywords, using a separate LLM to filter prompts, or converting text to a format less susceptible to injection (e.g., image representation). Clearly define trust boundaries for LLM inputs and consider if raw text extraction is appropriate for untrusted sources. | LLM | scripts/pymupdf_parse.py:52 | |
| HIGH | Untrusted PDF content directly fed to LLM output The skill processes user-provided PDF files and extracts their text content into markdown and JSON formats. This extracted content is then written to files (output.md, output.json, tables.json) which are likely consumed by a downstream LLM. A malicious PDF could contain prompt injection payloads, allowing an attacker to manipulate the host LLM by embedding instructions within the PDF's text. The skill's manifest explicitly states 'output: table', indicating the extracted data is intended for further processing, likely by an LLM. Implement sanitization or filtering of extracted text before feeding it to an LLM. This could involve stripping specific keywords, using a separate LLM to filter prompts, or converting text to a format less susceptible to injection (e.g., image representation). Clearly define trust boundaries for LLM inputs and consider if raw text extraction is appropriate for untrusted sources. | LLM | scripts/pymupdf_parse.py:67 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/bsinriclawd/hvac-estimate-takeoff/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/86e2ae2b40bf4c20)
Powered by SkillShield