Security Audit
azure-ai-voicelive-dotnet
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
azure-ai-voicelive-dotnet received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned NuGet package dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned NuGet package dependencies The skill's installation instructions recommend adding NuGet packages without specifying a version. This can lead to non-deterministic builds, unexpected breaking changes, or the introduction of vulnerabilities if a package maintainer pushes a malicious update. While the listed packages (Azure.AI.VoiceLive, Azure.Identity, NAudio) are generally reputable, relying on the 'latest' version without explicit pinning introduces a supply chain risk. Pin package versions to specific, known-good versions (e.g., `dotnet add package Azure.AI.VoiceLive --version 1.0.0`). Regularly review and update dependencies to mitigate risks from new vulnerabilities while maintaining stability. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/11b39a49b268e419)
Powered by SkillShield