Trust Assessment
lazy-loader received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Prompt Injection via User-Controlled Code, Data Exfiltration of Local Files to External LLM.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Prompt Injection via User-Controlled Code.** The `analyzeLazyLoad` function directly incorporates user-provided code (read from local files) into the `user` message sent to the OpenAI API. A malicious actor could embed prompt injection instructions within their source code files (e.g., comments, string literals) to manipulate the behavior of the host LLM, potentially leading to unintended actions, disclosure of system prompts, or generation of harmful content. The `combined` string, which is the concatenation of user's code chunks, is sent without sanitization or clear separation from the LLM's instructions. Implement robust sanitization or a clear separation mechanism for user-provided content. Consider using a dedicated tool call or structured data format for code analysis instead of direct text injection into the LLM prompt. If direct text injection is necessary, ensure the user content is clearly demarcated and instruct the LLM to treat it as non-instructional data. For example, wrap user code in XML tags and explicitly tell the LLM not to execute or interpret instructions within those tags. | LLM | src/index.ts:26 |
| HIGH | **Data Exfiltration of Local Files to External LLM.** The `scanComponents` function reads the content of various source code files (`.js, .ts, .jsx, .tsx, .vue, .svelte`) from a user-specified directory. This content is then concatenated and sent to the OpenAI API via the `analyzeLazyLoad` function. Any sensitive information (e.g., API keys, credentials, proprietary algorithms, PII) present in these local source code files will be transmitted to OpenAI, posing a significant data exfiltration risk. While the `ignore` list helps, it does not prevent the reading of other potentially sensitive files if they match the glob pattern. Avoid sending raw, unsanitized user file content to external LLMs, especially for analysis. If analysis of local code is required, consider performing it locally or implementing strict data filtering and anonymization before transmission. Provide clear warnings to users about the data being sent and ensure they consent to this data transfer. Implement mechanisms to redact sensitive patterns (e.g., API keys, secrets) from the code before sending it to the LLM. | LLM | src/index.ts:26 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/lazy-loader/package.json |
| MEDIUM | **Unpinned Dependencies in package.json.** The `package.json` file specifies dependencies using caret (`^`) ranges (e.g., `"commander": "^12.1.0"`, `"openai": "^4.73.0"`). This allows `npm` or `npx` to install newer minor or patch versions automatically. While convenient, it introduces a supply chain risk where a future, potentially malicious or vulnerable, version of a dependency could be pulled in without explicit review, even if the current version is secure. This can lead to unexpected behavior or security vulnerabilities. Pin all production dependencies to exact versions to ensure deterministic builds and prevent unexpected updates. Use `npm install --save-exact <package>` or manually remove the `^` or `~` from version numbers in `package.json`. Regularly audit and update dependencies to benefit from security patches while maintaining control over version changes. | LLM | package.json:9 |