Trust Assessment
silent-failure-hunter received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive 'Bash' tool permission.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive 'Bash' tool permission: The skill declares 'Bash' as an allowed tool, granting the agent the ability to execute arbitrary shell commands. While the skill's examples demonstrate benign usage of 'grep', this broad permission allows for potential command injection, data exfiltration, or system modification if the agent's subsequent actions or user input are not properly sanitized. For a skill focused on code analysis, a more granular tool (e.g., a dedicated 'grep' tool or a restricted 'shell_exec' tool) would be more appropriate, limiting the attack surface. Replace the 'Bash' tool with more specific, sandboxed tools that only provide the necessary functionality (e.g., a 'grep' tool, or a 'read_file' tool combined with in-memory regex). If 'Bash' is truly required, ensure all inputs to 'Bash' commands are rigorously sanitized and validated. | LLM | SKILL.md:1 |