Trust Assessment
malayalam-whatsapp received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Prompt Injection via Skill Description.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection via Skill Description The skill's `SKILL.md` file, which is treated as untrusted input, contains explicit instructions for the host LLM on how to respond and behave (e.g., language choice, politeness, use of soft particles). This attempts to manipulate the LLM's persona and response style, which is a direct form of prompt injection. Remove behavioral instructions from untrusted skill descriptions. Skill descriptions should be purely descriptive and not contain directives for the LLM's operation. If such behavior is desired, it should be implemented through trusted system prompts or tool definitions, not through untrusted markdown. | LLM | SKILL.md:30 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/babuperumana/malayalam-whatsapp/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/3d0a47432a5605a3)
Powered by SkillShield