Trust Assessment
deep-research received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are "Skill sourced from external, unverified repository" and "Skill relies on unspecified `requirements.txt` for dependencies".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Skill sourced from external, unverified repository.** The skill's manifest indicates its source is an external GitHub repository (`https://github.com/sanjay3290/ai-skills/tree/main/skills/deep-research`). Relying on code from third-party repositories introduces supply chain risks, as the integrity and security of the external source cannot be guaranteed. Malicious code could be introduced upstream, affecting users of this skill. Consider vendoring the skill's code directly into the `antigravity-awesome-skills` repository or implementing robust verification processes (e.g., code review, static analysis, dependency scanning) for all external dependencies. Regularly audit the upstream repository for changes. | LLM | SKILL.md |
| MEDIUM | **Skill relies on unspecified `requirements.txt` for dependencies.** The `SKILL.md` instructs users to install dependencies using `pip install -r requirements.txt`. The content of this `requirements.txt` file is not provided in the current context. Without knowing the exact dependencies and their pinned versions, there's a risk of installing malicious packages, outdated versions with known vulnerabilities, or falling victim to dependency confusion attacks. Provide the `requirements.txt` file for analysis. Ensure all dependencies are explicitly pinned to specific versions (e.g., `httpx==0.25.0`). Use a dependency scanner to check for known vulnerabilities. Consider using a lock file (e.g., `pip-tools` or `Poetry`) for deterministic builds. | LLM | SKILL.md:21 |