Trust Assessment
task-decomposer received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill installation command bypasses confirmation and installs globally.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill installation command bypasses confirmation and installs globally The skill instructs the agent to generate an 'Execution Plan' that includes a command for installing skills using 'npx skills add <owner/repo@skill> -g -y'. The '-g' flag installs the skill globally, and the '-y' flag bypasses user confirmation. This allows the agent to install potentially malicious or unvetted code without explicit approval, increasing supply chain risk. While the 'Notes' section mentions 'Skill creation requires user confirmation', the example command explicitly overrides this for installation, creating a discrepancy and a potential vulnerability if the generated command is executed directly. Remove the '-g' and '-y' flags from the example 'npx skills add' command in the 'Execution Plan' template. Ensure that the agent's skill installation process always requires explicit user confirmation and considers the scope of installation (global vs. local). Clarify the 'Skill creation requires user confirmation' note to explicitly cover skill *installation* as well. | LLM | SKILL.md:288 |
Scan History
Embed Code
[](https://skillshield.io/report/6ba5034545c41dd9)
Powered by SkillShield