Trust Assessment
prompt-guard received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 32 findings: 14 critical, 8 high, 10 medium, and 0 low severity. Key finding categories include persistence / self-modification instructions, arbitrary command execution, and file read + network send exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest, at 0/100.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (32)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/seojoonkim/prompt-guard/prompt_guard/patterns.py:528 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/seojoonkim/prompt-guard/scripts/detect.py:842 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seojoonkim/prompt-guard/tests/test_detect_cli.py:7 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seojoonkim/prompt-guard/tests/test_integration_full.py:676 |
| CRITICAL | Arbitrary command execution: Python dynamic code execution (exec/eval/compile). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seojoonkim/prompt-guard/prompt_guard/pattern_loader.py:37 |
| CRITICAL | Arbitrary command execution: Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seojoonkim/prompt-guard/tests/test_detect.py:221 |
| CRITICAL | File read + network send exfiltration: .env file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/seojoonkim/prompt-guard/tests/test_detect_cli.py:45 |
| CRITICAL | Hardcoded GitHub Token detected. A hardcoded GitHub Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:398 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:392 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:792 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:863 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_integration_full.py:271 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_integration_full.py:327 |
| CRITICAL | Hardcoded AWS Access Key detected. A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_integration_full.py:338 |
| HIGH | Hardcoded OpenAI API Key detected. A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:773 |
| HIGH | Hardcoded OpenAI API Key detected. A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:925 |
| HIGH | Hardcoded OpenAI API Key detected. A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:940 |
| HIGH | Hardcoded Bearer Token detected. A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:842 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'run_detect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/seojoonkim/prompt-guard/tests/test_detect_cli.py:7 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function '_run_cli'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/seojoonkim/prompt-guard/tests/test_integration_full.py:676 |
| HIGH | User message hash and detected patterns sent to external API. The `prompt-guard` skill reports detected threats, including a SHA-256 hash of the user's message and the matched attack pattern, to an external threat intelligence API at `https://hivefence-api.seojoon-kim.workers.dev`. While this is intended for collective threat intelligence, it means that a representation of user input (the hash) and the specific attack pattern found in it are transmitted to a third-party service. This could be a privacy concern or a data exfiltration risk depending on the sensitivity of the user's messages and the trust placed in the external service. Clearly disclose to users that their input (or a hash of it) and detected threat patterns may be sent to a third-party service for threat intelligence. Provide an explicit option to disable this feature. Ensure the hash is sufficiently long to prevent reverse engineering of short messages. | LLM | prompt_guard/logging_utils.py:127 |
| HIGH | Threat patterns loaded dynamically from external API. The `prompt-guard` skill dynamically loads threat patterns from an external API (`https://hivefence-api.seojoon-kim.workers.dev`) via the `HiveFenceClient`. If this external API is compromised, an attacker could inject malicious regex patterns. These patterns are then compiled using `re.compile()` and used by the `TieredPatternLoader` and `scanner.py` to analyze user input. Maliciously crafted regex patterns could lead to Regular Expression Denial of Service (ReDoS) attacks, causing the `prompt-guard` service to consume excessive CPU resources and become unresponsive when processing certain inputs. Implement strong authentication and integrity checks (e.g., cryptographic signatures) for patterns fetched from the external API. Consider sandboxing the regex compilation and matching process to mitigate ReDoS risks. Regularly audit the external API provider's security practices. | LLM | prompt_guard/hivefence.py:145 |
| MEDIUM | Potential hardcoded secret (high entropy). A high-entropy string (entropy=5.22) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:398 |
| MEDIUM | Potential hardcoded secret (high entropy). A high-entropy string (entropy=4.68) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:773 |
| MEDIUM | Potential hardcoded secret (high entropy). A high-entropy string (entropy=4.68) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/seojoonkim/prompt-guard/tests/test_detect.py:925 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/seojoonkim/prompt-guard/prompt_guard/hivefence.py:29 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/seojoonkim/prompt-guard/prompt_guard/logging_utils.py:146 |
| MEDIUM | Python file could not be statically analyzed. SyntaxError: leading zeros in decimal integer literals are not permitted; use an 0o prefix for octal integers (line 39). | Static | skills/seojoonkim/prompt-guard/scripts/detect.py:39 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/seojoonkim/prompt-guard/scripts/hivefence.py:29 |
| MEDIUM | Unpinned Python dependency version. Dependency 'pyyaml>=5.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/seojoonkim/prompt-guard/pyproject.toml |
| MEDIUM | Unpinned Python dependency version. Requirement 'pyyaml>=5.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/seojoonkim/prompt-guard/requirements.txt:8 |
| MEDIUM | Unpinned Python dependency version. Requirement 'langdetect>=1.0.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/seojoonkim/prompt-guard/requirements.txt:9 |
Full report: https://skillshield.io/report/5124ba56d858af1d