Trust Assessment
type-design-analyzer received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is an excessive 'Bash' permission declared for an analysis skill.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive 'Bash' permission declared for an analysis skill. The skill's manifest declares the 'Bash' tool, which grants the agent the ability to execute arbitrary shell commands. While the current skill content (a rubric) does not explicitly instruct the use of Bash, this permission is excessive for a skill whose stated purpose is purely type design analysis. Granting arbitrary shell execution introduces a significant risk, as a compromised agent or malicious input could leverage this permission for command injection, data exfiltration, or system modification. Remove the 'Bash' permission from the `allowed-tools` list. If specific shell commands are genuinely required, consider if more constrained tools or a more limited execution environment could achieve the same functionality with reduced risk. | LLM | SKILL.md:1 |