Security Audit
azure-eventhub-rust
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
azure-eventhub-rust received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned dependencies in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned dependencies in installation instructions The `cargo add` commands in the installation instructions do not specify exact versions for the dependencies (`azure_messaging_eventhubs`, `azure_identity`, `azure_messaging_eventhubs_checkpointstore_blob`). This can lead to non-deterministic builds and introduces a supply chain risk, as a new, potentially malicious or breaking version of a dependency could be pulled in without explicit review. While common in documentation for simplicity, it's a security best practice to pin dependencies. Pin dependencies to specific versions (e.g., `cargo add azure_messaging_eventhubs@1.2.3 azure_identity@4.5.6`) to ensure deterministic builds and mitigate risks from unexpected updates. This should be applied to all `cargo add` commands in the skill. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/36a716d838ec9345)
Powered by SkillShield