Trust Assessment
qa-lead received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Skill definition attempts to manipulate host LLM" and "Excessive 'Bash' permission declared in manifest".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill definition attempts to manipulate host LLM.** The `SKILL.md` file, which defines the skill's persona, workflow, and operational constraints (e.g., 'You are an expert QA Lead...', 'NEVER exceed 2000 tokens per response!', 'Generate ONE test file'), is treated as untrusted input by the SkillShield analyzer. These explicit instructions are designed to manipulate the host LLM's behavior, directly conflicting with the analyzer's directive to ignore commands within untrusted content. This represents a prompt injection attempt against the analyzer's operational instructions. Review the skill's design to ensure its operational instructions are clearly separated from untrusted user input. If the skill's definition itself is considered untrusted, then its instructions for the LLM are inherently a prompt injection. This may indicate a need to refine the definition of 'untrusted content' for skill definitions or to implement a secure parsing layer for skill instructions. | LLM | SKILL.md:1 |
| HIGH | **Excessive 'Bash' permission declared in manifest.** The skill's manifest explicitly declares 'Bash' as an allowed tool. This grants the skill the capability to execute arbitrary shell commands on the host system. For a QA lead skill focused on generating test artifacts, this permission is overly broad and introduces a significant security risk, enabling potential command injection, data exfiltration, or system compromise. The combination with 'Write' and 'Edit' permissions further amplifies this risk. Remove the 'Bash' permission from the skill's manifest unless absolutely critical for its core functionality. If shell execution is required, restrict it to a minimal set of predefined, sandboxed commands. Re-evaluate the necessity of 'Write' and 'Edit' permissions and narrow their scope if possible. | LLM | Manifest |