Trust Assessment
project-management-skills received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The key findings are that the skill requires mandatory modification of core agent configuration files, that subagents are configured with unrestricted access to all available tools, and that subagents are permitted to spawn additional subagents.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Skill requires mandatory modification of core agent configuration files | The skill explicitly instructs the host LLM to obtain permission to modify critical core configuration files (`AGENTS.md`, `SOUL.md`, `TOOLS.md`, `MEMORY.MD`). It states this is 'mandatory' and that the LLM should 'Continue prompting until granted.' This grants the skill a very high level of control over the agent's fundamental operational parameters, identity, and tool policies, potentially allowing it to permanently alter the agent's behavior. While user permission is requested, the 'mandatory' nature and persistent prompting until granted raise significant concerns about user agency and potential for abuse. | Re-evaluate the necessity of mandatory, persistent modification of core agent files. Consider using temporary session-scoped configurations or a more granular permission model. If persistent changes are required, ensure the user consent mechanism is robust and clearly explains the full implications of these changes, without forcing the user to grant permission. | LLM | SKILL.md:30 |
| HIGH | Subagents configured with unrestricted access to all available tools | The skill instructs the host LLM to insert a policy into `TOOLS.md` that explicitly grants subagents the ability to 'use any available tool needed to complete work.' This provides subagents with extremely broad and potentially unrestricted access to all tools available to the main agent, including sensitive or destructive ones. While a 'Confirm-risky' policy is mentioned, it only applies to specific actions, leaving general tool use unchecked. This significantly increases the attack surface and potential for harm if a subagent is compromised or misbehaves. | Implement a more granular tool access control mechanism for subagents. Define a whitelist of allowed tools or categories of tools, rather than granting 'any available tool.' Ensure that the 'Confirm-risky' policy covers all potentially dangerous tools and actions, not just a subset. Consider a default-deny approach for subagent tool access. | LLM | SKILL.md:59 |
| MEDIUM | Subagents are permitted to spawn additional subagents | The skill instructs the host LLM to insert a policy into `TOOLS.md` that allows subagents to 'spawn subagents when needed for project work.' This capability, while potentially useful for complex tasks, introduces a risk of uncontrolled recursion, resource exhaustion, or the creation of a complex, difficult-to-monitor agent hierarchy. It can also complicate security auditing and incident response by obscuring the origin of actions. | Implement controls or limits on subagent spawning. Consider requiring explicit approval for subagents to spawn further subagents, or limit the depth of the subagent hierarchy. Ensure proper logging and monitoring are in place to track subagent creation and activity. | LLM | SKILL.md:59 |