Trust Assessment
rent received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Explicit tool execution instruction", and "Potential data exfiltration and prompt injection via web browsing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Explicit tool execution instruction. The skill explicitly instructs the LLM to execute the `agent-browser` tool with specific arguments (`--help` and `open <link>`). This demonstrates a direct command execution capability. While the current arguments are benign and the links are hardcoded, this pattern represents a command injection vector. If the `agent-browser` tool or its arguments could be influenced by untrusted user input or malicious web content, it could lead to arbitrary command execution on the host system or within the agent's environment. Ensure that the `agent-browser` tool is strictly sandboxed and only accepts well-formed, validated URLs as arguments. Implement robust input validation and sanitization for any arguments passed to external tools. Consider if direct execution of `--help` is necessary or if tool capabilities can be queried differently. | LLM | SKILL.md:30 |
| HIGH | Potential data exfiltration and prompt injection via web browsing. The skill instructs the LLM to use `agent-browser` to visit multiple external, untrusted real estate websites and "собрать данные о квартирах" (collect apartment data), including interacting with pages to "выбрать нужные фильтры" (select necessary filters). Malicious content on these websites could attempt to perform prompt injection against the LLM, tricking it into extracting sensitive information (e.g., user data, cookies, or other private details from the browser context) beyond the intended apartment listings. This extracted sensitive data could then be exfiltrated by being included in the LLM's response to the user. Implement strict sandboxing for the `agent-browser` tool, limiting its access to sensitive browser features (e.g., local storage, cookies, other tabs). Ensure the LLM's interaction with web content is highly constrained and validated, preventing it from acting on arbitrary instructions found on visited pages. Implement content filtering or allow-listing for data extraction to ensure only expected data types are processed and returned. Consider using a headless browser with minimal capabilities. | LLM | SKILL.md:32 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kapishdima/rent/SKILL.md:1 |