Trust Assessment
snippet-gen received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Untrusted user code directly embedded in LLM prompt, Dependencies specified with broad version ranges.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted user code directly embedded in LLM prompt: The skill directly concatenates user-provided code file contents into the LLM's `user` message without sanitization or clear structural separation. A malicious user could embed prompt injection instructions within their code files (e.g., `// IGNORE ALL PREVIOUS INSTRUCTIONS...`) to manipulate the LLM's behavior, potentially leading to unintended actions, data leakage, or generation of harmful content. Implement robust prompt engineering techniques to isolate user-provided code from LLM instructions. This could involve using XML-like tags (e.g., `<user_code>...</user_code>`) or JSON structures, combined with a system prompt that explicitly instructs the LLM to treat content within these tags as data, not instructions. Additionally, add a strong refusal instruction to the system prompt to ignore any attempts to override its role or instructions from within the user code. | LLM | src/index.ts:20 |
| MEDIUM | Unpinned npm dependency version: Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/snippet-gen/package.json |
| MEDIUM | Dependencies specified with broad version ranges: The `package.json` file specifies dependencies using caret (`^`) version ranges (e.g., `openai: "^4.73.0"`). While `package-lock.json` pins exact versions for a specific installation, when the skill is run via `npx` (as suggested in `SKILL.md`), it may fetch and install the latest compatible version within these ranges. This introduces a supply chain risk, as a new, vulnerable version of a dependency could be published and automatically used, even if the original development environment was secure. Pin all production dependencies to exact versions (e.g., `openai: "4.73.0"`) in `package.json` to ensure deterministic builds and prevent unexpected updates. Regularly audit and manually update dependencies to incorporate security fixes. For `npx` usage, consider using `npx <package>@<version>` or ensuring the `package-lock.json` is always respected. | LLM | package.json:9 |