Security Audit
deployment-pipeline-design
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
deployment-pipeline-design received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Skill instructs LLM to read local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Skill instructs LLM to read local file The skill explicitly instructs the host LLM to 'open' a local file (`resources/implementation-playbook.md`). This indicates the skill expects the LLM to have filesystem read capabilities. While the target file is internal to the skill package and likely documentation, this highlights a potential for excessive permissions if the LLM's filesystem access is broad or if the path could be manipulated by untrusted input. The content of the file is not provided, so the immediate risk of sensitive data exposure is unknown. Review the necessity of direct file access by the LLM. If the content of `resources/implementation-playbook.md` is critical for the skill's function, consider embedding relevant parts directly into the skill's prompt or providing it via a more controlled mechanism. Ensure the LLM's filesystem access is strictly scoped to necessary files and paths. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/42f9deb729902abc)
Powered by SkillShield