Trust Assessment
pm received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive tool permissions declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive tool permissions declared The skill declares broad `Read`, `Write`, `Grep`, and `Glob` permissions. While the skill's stated purpose involves reading internal phase files and writing `spec.md`, the `Grep` and `Write` permissions are overly broad. `Grep` allows searching for arbitrary patterns across the filesystem, which could be exploited by a prompt injection to locate sensitive data (e.g., API keys, credentials). `Write` allows modification of arbitrary files, potentially leading to data corruption or further compromise. These permissions exceed the minimum necessary for the described functionality and create a significant attack surface. Restrict the `allowed-tools` to the absolute minimum required for the skill's intended function. If `Write` is only for `spec.md`, consider a more granular permission that scopes write access to specific file paths or types. If `Grep` is not strictly necessary, remove it. If `Read` is only for specific phase files, restrict it to those paths. Implement explicit path validation and sandboxing for file operations. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/ae61aeaf98f982fa)
Powered by SkillShield