Security Audit
azure-mgmt-apimanagement-py
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
azure-mgmt-apimanagement-py received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 0 medium, and 2 low severity. The findings are "Sensitive credential printed to standard output" and "Unpinned dependencies in installation instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| LOW | Sensitive credential printed to standard output | The skill's example code demonstrates creating an Azure API Management subscription and then explicitly prints the `primary_key` of the newly created subscription to standard output. If this skill is executed by an LLM, this sensitive key could be captured in the LLM's output, logs, or conversation history, potentially leading to unauthorized access if not handled securely by the LLM's environment or the user. Avoid printing sensitive keys directly to standard output. Instead, consider storing them securely (e.g., in Azure Key Vault) or returning them in a structured, secure manner if the LLM environment supports it. For demonstration purposes, a warning about the sensitivity of the output could be added. | LLM | SKILL.md:149 |
| LOW | Unpinned dependencies in installation instructions | The installation instructions for the skill suggest installing Python packages (`azure-mgmt-apimanagement`, `azure-identity`) without specifying exact version numbers. This practice can introduce supply chain risks, as a future malicious or incompatible version of these packages could be installed if the LLM or user follows these instructions, potentially leading to vulnerabilities or unexpected behavior. Recommend pinning package versions in installation instructions (e.g., `pip install azure-mgmt-apimanagement==X.Y.Z`) to ensure reproducible and secure environments. Regularly update pinned versions after verifying their security and compatibility. | LLM | SKILL.md:8 |