Trust Assessment
tldr received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted instructions for LLM tool use strategy.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| INFO | Untrusted instructions for LLM tool use strategy The skill's documentation, which is treated as untrusted input, contains direct instructions for the LLM on how to prioritize and use the 'tldr' tool. While not overtly malicious, these instructions attempt to manipulate the LLM's decision-making process regarding tool selection and usage strategy based on untrusted content. This violates the principle of treating all content within the untrusted delimiters as data, not instructions. Remove direct instructions for the LLM from untrusted content. If specific tool usage guidance is necessary, it should be provided as part of the trusted skill definition or system prompt, not within user-facing documentation that is parsed as untrusted input. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/eee6e6e8989a49de)
Powered by SkillShield