Trust Assessment
intelligence-suite received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Potential Prompt Injection via External Article Content, Use of Release Candidate Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Prompt Injection via External Article Content The skill fetches content from external URLs (RSS feeds, Hacker News articles) and includes a `CONTENT_SNIPPET` from these untrusted sources directly in its `console.log` output. This output is explicitly intended for consumption by the host LLM ('Agent consumption', 'Makima's commentary/analysis'). An attacker who can control the content of an article linked in a monitored RSS feed could embed malicious instructions within the article text. When this text is passed to the LLM, it could lead to prompt injection, manipulating the LLM's behavior. Implement robust sanitization or clear delimiters for all untrusted external content before it is passed to the host LLM. Consider using a structured data format (e.g., JSON) with explicit fields for content, and instruct the LLM to only process content within those fields, ignoring any instructions outside them. Truncation is not sufficient for prevention. | LLM | scripts/monitor.js:70 | |
| HIGH | Potential Prompt Injection via External Article Content The skill fetches content from external URLs (RSS feeds, Hacker News articles) and includes a `CONTENT_SNIPPET` from these untrusted sources directly in its `console.log` output. This output is explicitly intended for consumption by the host LLM ('Agent consumption', 'Makima's commentary/analysis'). An attacker who can control the content of an article linked in a monitored RSS feed could embed malicious instructions within the article text. When this text is passed to the LLM, it could lead to prompt injection, manipulating the LLM's behavior. Implement robust sanitization or clear delimiters for all untrusted external content before it is passed to the host LLM. Consider using a structured data format (e.g., JSON) with explicit fields for content, and instruct the LLM to only process content within those fields, ignoring any instructions outside them. Truncation is not sufficient for prevention. | LLM | scripts/scan.js:100 | |
| MEDIUM | Use of Release Candidate Dependency The `package.json` specifies `cheerio: ^1.0.0-rc.12`. Using a release candidate (RC) version of a library can introduce instability, unexpected behavior, or unpatched security vulnerabilities, as RC versions are not considered production-ready. Replace the release candidate version of `cheerio` with a stable, production-ready version. Regularly audit and update dependencies to their latest stable versions. | LLM | package.json:10 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/xhrisfu/intelligence-suite/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/bef63ac95ab4957d)
Powered by SkillShield