Trust Assessment
layout-analyzer received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary file read via user-controlled paths, Broad 'file_operations' permission without scope limitation, Unpinned dependencies in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary file read via user-controlled paths.** The skill uses `file_operations` and demonstrates reading files (e.g., `Image.open`, `convert_from_path`) where the file path is expected to be provided by the user. Without proper input validation or sandboxing, a malicious user could provide paths to sensitive system files (e.g., `/etc/passwd`, `/app/secrets.env`), allowing the skill to read their content and potentially exfiltrate it via the LLM's output. Remediation: implement strict input validation for file paths to ensure they refer only to allowed, user-uploaded files within a sandboxed directory. Avoid allowing arbitrary paths. Consider using a dedicated file upload mechanism that returns a secure, sandboxed path. | LLM | SKILL.md:109 |
| HIGH | **Broad `file_operations` permission without scope limitation.** The skill manifest declares `file_operations` without specifying any scope limitations (e.g., read-only, specific directories). This broad permission, combined with the skill's functionality of processing user-specified documents, creates a high risk of data exfiltration or unauthorized file access if file paths are not rigorously validated. Remediation: restrict `file_operations` to the absolute minimum necessary. If possible, specify read-only access and limit operations to a designated, isolated directory for user-uploaded content. Implement a secure file handling mechanism that prevents path traversal. | LLM | SKILL.md:1 |
| MEDIUM | **Unpinned dependencies in installation instructions.** The installation instructions recommend `pip install surya-ocr` and `pip install pdf2image` without specifying exact version numbers. This practice can lead to supply chain vulnerabilities, as future versions of these packages might introduce breaking changes, security flaws, or even malicious code. Remediation: pin all dependencies to specific, known-good versions (e.g., `surya-ocr==X.Y.Z`). Regularly review and update these pinned versions after verifying their integrity and security. | LLM | SKILL.md:305 |
[Full SkillShield report](https://skillshield.io/report/340617868bafa481)
Powered by SkillShield