Trust Assessment
pndr received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions: AI can download user attachments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions: AI can download user attachments. The skill exposes a `download_attachment` tool which allows the AI to retrieve potentially sensitive user files (attachments) from the Pndr account. While this is an intended feature of the Pndr API, it grants the AI broad access to user data. This creates a high risk of data exfiltration if the AI's instructions are compromised via prompt injection or other means, as a malicious prompt could instruct the AI to download all attachments and transmit them to an unauthorized third party. Users should be made explicitly aware of the broad data access granted to the AI through this tool. AI developers should implement robust safeguards to prevent unauthorized use of the `download_attachment` tool, such as requiring explicit user confirmation for sensitive downloads or restricting the types of files that can be downloaded by the AI. | LLM | SKILL.md:161 |