Security Audit
blockchain-developer
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
blockchain-developer received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted instruction to open local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted instruction to open local file The skill's instructions, provided within the untrusted input block, contain a directive for the LLM to 'open `resources/implementation-playbook.md`'. This is a direct instruction to perform a file system operation based on untrusted content. If the LLM follows this instruction, it could lead to unauthorized file access, potentially exfiltrating sensitive data or revealing internal skill structure. Remove or rephrase the instruction to 'open' a file. Instead of instructing the LLM to perform a file operation, the skill should describe *what* the file contains and *how* the LLM should use that information if it were to be provided. For example, 'The `resources/implementation-playbook.md` file contains detailed examples; consider its content if available.' This shifts the responsibility from the LLM executing a command to the LLM reasoning about available information. | LLM | SKILL.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/e94736adf65f3dc8)
Powered by SkillShield