Trust Assessment
prompt-engineering received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Insecure `curl | sh` for CLI installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Insecure `curl | sh` for CLI installation The skill instructs users to install the `inference.sh` CLI using `curl -fsSL ... | sh`. This method downloads and executes a script directly from the internet without prior review or verification, posing a significant supply chain risk. A malicious or compromised script could execute arbitrary commands on the user's system, leading to command injection, data exfiltration, or credential harvesting. While `inference.sh` may be legitimate, this installation pattern bypasses package manager security features and is generally considered insecure. Replace the `curl | sh` installation method with a more secure alternative, such as a package manager (e.g., `apt`, `brew`, `npm`), a signed installer, or a method that allows users to review the script content before execution. If direct execution is necessary, provide a checksum for verification. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/19dcc0dc1a8c8685)
Powered by SkillShield