Security Audit
cqrs-implementation
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
cqrs-implementation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Untrusted content issues direct instruction to LLM".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Untrusted content issues direct instruction to LLM.** The skill's untrusted `SKILL.md` content contains a direct instruction to the host LLM: "open `resources/implementation-playbook.md`". This demonstrates that the skill can issue commands to the LLM, which is a form of prompt injection. While this specific instruction refers to a local, expected resource within the skill's own context, it highlights a potential vulnerability where malicious instructions could be embedded to manipulate the LLM's behavior, access unauthorized resources, or perform unintended actions if the LLM's tool access is not sufficiently sandboxed. Avoid embedding direct instructions or commands for the LLM within untrusted skill content. Instead, define explicit tool calls or structured data that the LLM can interpret and act upon, ensuring these actions are strictly sandboxed and validated. If the intent is to guide the user, rephrase as a suggestion or information for the user, not a command for the LLM (e.g., 'You may want to consult `resources/implementation-playbook.md` for detailed patterns.'). | LLM | skills/cqrs-implementation/SKILL.md:26 |