Security Audit

rspack-best-practices

github.com/rstackjs/agent-skills

AI SkillCommit 768809457cbb

TRUSTED

Scanned 3 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

rspack-best-practices received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Prompt Injection via External LLM-specific Documentation Link.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on June 1, 2026 (commit 76880945). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Prompt Injection via External LLM-specific Documentation Link The skill provides external links to `http://rspack.rs/llms.txt` and `http://v1.rspack.rs/llms.txt`. The filename `llms.txt` strongly suggests that the content at these URLs is intended to be consumed and interpreted by Large Language Models. If the host LLM fetches and processes the content from these URLs, an attacker controlling the `rspack.rs` domain could inject malicious instructions, override the LLM's behavior, or exfiltrate data. Avoid linking to external resources with filenames like `llms.txt` that explicitly suggest content for LLMs. If external documentation is necessary, ensure it is hosted on a trusted domain and does not contain instructions intended for LLMs. Consider hosting documentation directly within the skill or a trusted, static content delivery network.	LLM	SKILL.md:49
HIGH	Potential Prompt Injection via External LLM-specific Documentation Link The skill provides external links to `http://rspack.rs/llms.txt` and `http://v1.rspack.rs/llms.txt`. The filename `llms.txt` strongly suggests that the content at these URLs is intended to be consumed and interpreted by Large Language Models. If the host LLM fetches and processes the content from these URLs, an attacker controlling the `rspack.rs` domain could inject malicious instructions, override the LLM's behavior, or exfiltrate data. Avoid linking to external resources with filenames like `llms.txt` that explicitly suggest content for LLMs. If external documentation is necessary, ensure it is hosted on a trusted domain and does not contain instructions intended for LLMs. Consider hosting documentation directly within the skill or a trusted, static content delivery network.	LLM	SKILL.md:50

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/9791121f00d2ff4d.svg)](https://skillshield.io/report/9791121f00d2ff4d)