Trust Assessment
intercom-competition received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Direct instruction to LLM to solicit sensitive user data or extract wallet info", "Unpinned external repository dependency", and "Broad operational scope requiring extensive agent permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct instruction to LLM to solicit sensitive user data or extract wallet info.** The skill explicitly instructs the agent to 'ask your human' for a Trac address or to 'directly extract' it from a wallet. This is a direct prompt injection attempt to manipulate the LLM's behavior to obtain sensitive information (even if public, the method of extraction could be problematic) from the user or internal agent state. This could lead to data exfiltration if the agent has access to such data. Remove direct instructions to the LLM to solicit information from the human or to extract data from internal agent components. Instead, the skill should assume the necessary information is provided by the user or available through secure, pre-approved agent capabilities. | LLM | SKILL.md:30 |
| HIGH | **Unpinned external repository dependency.** The skill instructs the agent to clone and fork `https://github.com/Trac-Systems/intercom` without specifying a particular commit hash or version tag. This means the agent will likely use the latest `main` branch, which could change over time. A compromise of the upstream repository could lead to the agent cloning and executing malicious code. Specify a fixed commit hash or version tag for all external repository dependencies to ensure deterministic and secure builds. E.g., `https://github.com/Trac-Systems/intercom@<commit_hash>`. | LLM | SKILL.md:22 |
| MEDIUM | **Broad operational scope requiring extensive agent permissions.** The competition instructions require the agent to perform a wide range of actions including cloning, forking, building applications, modifying local files (README, SKILL.md), and interacting with external web services (GitHub, Moltbook). This implies the agent needs extensive filesystem, network, and potentially code execution permissions, which could be abused if the agent's environment is not properly sandboxed or if subsequent instructions are malicious. Ensure the agent operates within a strictly sandboxed environment with minimal necessary permissions. Implement robust access controls and monitoring for all external interactions (e.g., GitHub API calls, file system modifications). Clearly define the scope of allowed actions for the agent. | LLM | SKILL.md:15 |