Trust Assessment
molt-md received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential file access via 'ask for API.md' instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential file access via 'ask for API.md' instruction The skill instructs the agent to 'ask for the API.md file content'. An agent might interpret this as a command to read a local file named `API.md` from its environment. This could lead to unintended data exfiltration if such a file exists and contains sensitive information, or prompt injection if the file contains instructions that manipulate the agent. Rephrase the instruction to explicitly state *how* the agent should get the content (e.g., 'Refer to the API documentation at the GitHub link provided above for complete API documentation.'). If the intent is for the agent to generate the content, clarify that. | LLM | skill.md:50 |
Scan History
Embed Code
[](https://skillshield.io/report/565bfa1154519449)
Powered by SkillShield