Trust Assessment
style-polisher received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Skill output can be used for host LLM prompt injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill output can be used for host LLM prompt injection | LLM | index.js:189 |
| LOW | Node lockfile missing | Dependencies | skills/liuxy951129-cpu/style-polisher/package.json |

HIGH: Skill output can be used for host LLM prompt injection (LLM layer, index.js:189)
The skill's primary function is to take user-provided text (`content`), apply various stylistic modifications, and return the altered text. If the output of this skill is subsequently used as input for the host LLM (or any downstream LLM), a malicious user could embed prompt injection instructions within their initial `content`. The string manipulation functions (e.g., `polishToSharpComment`, `polishToFormalStyle`) perform replacements and concatenations but do not sanitize or filter for LLM-specific instructions, allowing them to pass through to the consuming LLM. This enables an attacker to potentially manipulate the host LLM's behavior.
Recommendation: Implement robust sanitization or filtering of user input (`content`) before processing, specifically to detect and neutralize potential prompt injection instructions if the skill's output is intended for an LLM. Alternatively, ensure the host LLM's integration with this skill explicitly handles and sanitizes the skill's output before using it in its own prompt. If the 'custom style' feature (which is truncated in the provided code) involves an internal LLM call, ensure the custom style description is properly escaped or validated to prevent internal prompt injection.

LOW: Node lockfile missing (Dependencies layer, skills/liuxy951129-cpu/style-polisher/package.json)
package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock).
Recommendation: Commit a lockfile for deterministic dependency resolution.
Full report: https://skillshield.io/report/3f12d801e2949de0