Trust Assessment
cpp-pro received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection: LLM Persona and Instruction Override.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection: LLM Persona and Instruction Override The skill's `SKILL.md` content, which is treated as untrusted input, contains direct instructions intended to define the LLM's persona and operational guidelines ('You are a C++ programming expert...', 'Follow C++ Core Guidelines...'). This attempts to manipulate the host LLM's behavior and can lead to unexpected or malicious outputs if the LLM follows these untrusted instructions. Move LLM persona and core instructions out of untrusted skill content and into the trusted system prompt or skill definition. Untrusted skill content should only provide context or data, not instructions for the LLM's behavior. | LLM | skills/cpp-pro/SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/1017f94b0d4c15e1)
Powered by SkillShield