Trust Assessment
rsbuild-best-practices received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "External URL points to LLM-specific instruction file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 76880945). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **External URL points to LLM-specific instruction file.** The skill's documentation section includes URLs (`http://rsbuild.rs/llms.txt`, `http://v1.rsbuild.rs/llms.txt`) that explicitly contain 'llms.txt' in their path. This naming convention strongly suggests these external resources are intended to be fetched and interpreted by an LLM. If an attacker gains control over the content served at these URLs, they could inject malicious instructions (prompt injection) or command the LLM to exfiltrate sensitive data by including such directives within the 'llms.txt' file. This creates a remote instruction injection and potential data exfiltration vector. Remove or replace the URLs pointing to 'llms.txt' files. If LLM-specific instructions are required, they should be embedded directly within the trusted skill definition rather than fetched from untrusted external sources. Ensure any external links are to static, non-executable content that cannot be manipulated to alter the LLM's behavior or exfiltrate data. | LLM | SKILL.md:40 |