Trust Assessment
pulumi-esc received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Instruction to use `pulumi env open` risks secret exposure" and "Agent instructed to use API tool for sensitive environment data".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit bbf441e6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Instruction to use `pulumi env open` risks secret exposure: The skill explicitly instructs the agent to use the `pulumi env open` command, which "resolves and reveals all values including secrets and dynamic credentials." While the skill includes warnings about using this command cautiously and only when necessary, the instruction to use it creates a high risk of sensitive data (secrets, credentials) being exposed to the user or logged by the agent's environment if not handled with extreme care. Re-evaluate the necessity of instructing the agent to use `pulumi env open`. If absolutely required, implement stronger safeguards, such as explicit user confirmation before execution, and ensure the agent's environment prevents logging of sensitive output. Consider whether the agent should ever directly expose secret values to the user, even with warnings, or whether confirming the *existence* of secrets is sufficient. | LLM | SKILL.md:100 |
| MEDIUM | Agent instructed to use API tool for sensitive environment data: The skill instructs the agent to use the `call_pulumi_cloud_api()` tool to retrieve environment definitions (`GET /api/esc/environments/{orgName}/{projectName}/{envName}`). While only `GET` endpoints are specified, environment definitions can contain sensitive configuration. The risk depends on the actual permissions granted to the `call_pulumi_cloud_api()` tool and on how the agent processes and presents the retrieved data. If the tool has broad access or the agent is not careful with output, this could lead to unintended exposure of sensitive configuration. Ensure the `call_pulumi_cloud_api()` tool is configured with the principle of least privilege, ideally read-only access limited to the agent's operational scope. Implement strict output filtering and user confirmation mechanisms within the agent before displaying any potentially sensitive information retrieved via this API. | LLM | SKILL.md:124 |