Trust Assessment
plvr-event-discovery received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill outputs user email address in confirmation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill outputs user email address in confirmation The skill's output template explicitly instructs the agent to report the user's email address under the `Checkout identity` field. While this information is necessary for the skill's function (guest checkout), exposing Personally Identifiable Information (PII) in the skill's output can lead to data leakage if the output is not handled securely by the orchestrating system or if it's logged without proper redaction. This creates a risk of sensitive user data being exposed beyond its intended use. Implement PII redaction or masking for the `Checkout identity` field in the skill's output. For example, instead of the full email, output a masked version (e.g., `u***@e****.com`). Ensure that the orchestrating system handles PII securely and that logs containing such information are appropriately protected or anonymized. The skill should only output the minimum necessary information required for the user or subsequent secure processes. | LLM | SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/05e205eba077068b)
Powered by SkillShield