Trust Assessment
lofy-fitness received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill requires local file read/write access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill requires local file read/write access The skill explicitly instructs the AI to read from and update `data/fitness.json`. This grants the skill file system read and write permissions. While the path `data/fitness.json` suggests a skill-specific data file, the capability to perform file I/O is a significant permission that could lead to data exfiltration or integrity issues if not properly sandboxed or if the skill is manipulated to access unintended files. User fitness data, which can be sensitive, will be stored and managed by this file. Ensure the skill's execution environment strictly sandboxes file operations to its designated data directory, preventing access to arbitrary file paths. Implement robust input validation and output sanitization to prevent prompt injection from leading to unintended data disclosure from `data/fitness.json` or manipulation of its contents. | LLM | SKILL.md:44 |
Scan History
Embed Code
[](https://skillshield.io/report/5da3497f3c6b3ffd)
Powered by SkillShield