Trust Assessment
jb-docs received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill encourages local filesystem access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill encourages local filesystem access The skill's 'Generation Guidelines' explicitly instruct the LLM to 'Reference the /references folder for offline interface/struct definitions'. This implies the LLM has direct read access to a local filesystem path. If the LLM's file access is not strictly sandboxed to only allowed skill-specific files or directories, this could be exploited to read arbitrary local files, leading to data exfiltration or unauthorized information disclosure. Ensure the LLM's file system access is strictly confined to a secure sandbox. If the `/references` folder is intended to be part of the skill's package, ensure it's read-only and cannot be traversed outside its scope. If the skill is meant to provide data from this folder, consider packaging it as part of the skill's data rather than relying on general filesystem access that could be abused. | LLM | SKILL.md:106 |
Scan History
Embed Code
[](https://skillshield.io/report/06725014f9c7a050)
Powered by SkillShield