Trust Assessment
PagerKit received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Package Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Package Dependency: The skill instructs users to add a package dependency without specifying a version, tag, or commit hash. This can lead to supply chain risks if the remote repository's default branch is updated with malicious or breaking changes, which would be automatically pulled into the user's project. Instruct users to pin the dependency to a specific version, tag, or commit hash (e.g., `https://github.com/SzpakKamil/PagerKit.git` with 'Up to Next Major Version' or a specific version like `1.2.3`). This ensures deterministic builds and protects against unexpected changes in the upstream repository. | LLM | SKILL.md:158 |