Trust Assessment
The skill 'study' received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The one finding is unscoped file system access permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unscoped file system access permissions. The skill declares 'Read', 'Write', and 'Edit' permissions without specifying any scope or restrictions on file system access. This allows the skill to potentially read, write, or modify any file accessible to the agent, leading to data exfiltration, data corruption, or command injection if the agent can write to executable paths. The 'Edit' permission is particularly concerning as it allows modification of existing files, which is a higher risk than creating new ones. The skill's description in SKILL.md does not provide any mitigating scope limitations for these powerful tools. Restrict 'Read', 'Write', and 'Edit' permissions to specific directories (e.g., a user's workspace or temporary files) or require explicit user confirmation for sensitive operations. Implement robust input validation and sanitization for any file paths or content provided by the user to prevent malicious file access. | LLM | SKILL.md:1 |