Trust Assessment
seo-content-brief received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Overly broad Bash permission for 'infsh' CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Overly broad Bash permission for 'infsh' CLI The skill declares a broad `Bash(infsh *)` permission, allowing it to execute any command starting with `infsh`. While the provided `SKILL.md` primarily demonstrates `infsh app run` and `infsh login` commands, this wildcard permission could potentially allow the execution of other `infsh` subcommands that might have broader system access, administrative functions, or unintended side effects not directly related to the skill's stated purpose. A more granular permission, if supported by the platform (e.g., `Bash(infsh app run *)`, `Bash(infsh login)`), would reduce the attack surface. Restrict `allowed-tools` to only the specific `infsh` subcommands required for the skill's functionality (e.g., `Bash(infsh app run *)`, `Bash(infsh login)`) if the platform supports such granularity. If fine-grained control is not available, ensure the `infsh` CLI itself is designed with robust security controls and its commands are appropriately sandboxed. | LLM | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4b581e362f07c645)
Powered by SkillShield