Security Audit
RightNow-AI/openfang:crates/openfang-skills/bundled/linear-tools
github.com/RightNow-AI/openfangTrust Assessment
RightNow-AI/openfang:crates/openfang-skills/bundled/linear-tools received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection Attempt via Persona Definition.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 27, 2026 (commit 7bd01856). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt via Persona Definition The untrusted `SKILL.md` content attempts to define the LLM's persona with the instruction 'You are a senior engineering manager and productivity expert...'. This is a direct attempt at prompt injection, as the host LLM should not adopt personas or follow instructions embedded within untrusted input. Untrusted content should be treated as data, not commands. Remove any instructions, persona definitions, or commands intended for the LLM from untrusted content. Untrusted content should only contain data relevant to the skill's function, not directives for the LLM's behavior. | LLM | SKILL.md:3 |
Scan History
Embed Code
[](https://skillshield.io/report/f4e73af784c05ea8)
Powered by SkillShield