Security Audit
agent-orchestration-improve-agent
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
agent-orchestration-improve-agent received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via $ARGUMENTS placeholder.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via $ARGUMENTS placeholder The skill defines a command `context-manager analyze-agent-performance $ARGUMENTS --days 30`. If the `$ARGUMENTS` placeholder is populated directly from untrusted user input without proper sanitization or validation, it could allow an attacker to inject arbitrary commands into the `context-manager` execution. This could lead to unauthorized data access, modification, or system compromise. Ensure that any values substituted for `$ARGUMENTS` are strictly validated and sanitized to prevent command injection. Ideally, use a structured argument passing mechanism instead of direct string interpolation for user-controlled inputs. If `$ARGUMENTS` is not intended to be user-controlled, clarify its source and ensure it's securely generated. | Static | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/962b07dd70e3cd37)
Powered by SkillShield