Security Audit
azure-postgres-ts
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
azure-postgres-ts received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is unpinned dependencies in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unpinned dependencies in installation instructions.** The skill's installation instructions recommend installing npm packages (`pg`, `@azure/identity`, `@types/pg`) without specifying exact versions. This practice can lead to non-deterministic builds, introduce breaking changes, or pull in vulnerable versions if a malicious package is published under the same name (typosquatting or hijacked package). For an AI agent skill, this means that if the skill's environment is set up by directly following these instructions, it could inadvertently install compromised or incompatible dependencies. Pin all dependencies to specific, known-good versions (e.g., `npm install pg@8.11.3 @azure/identity@4.0.0`) or use a lock file (`package-lock.json` or `yarn.lock`) to ensure deterministic and secure installations. Regularly audit and update these pinned versions. | LLM | SKILL.md:10 |