Security Audit

doc-coauthoring

github.com/sickn33/antigravity-awesome-skills

AI SkillCommit e36d6fd3b3f6

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

doc-coauthoring received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unrestricted file/link access based on user input, Broad access to external integrations.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Excessive Permissions

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unrestricted file/link access based on user input The skill instructs the agent to read content from user-provided links and files without explicit restrictions on scope or origin. This could allow a malicious user to trick the agent into accessing sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) or internal network resources, potentially leading to data exfiltration or unauthorized information disclosure. The instruction 'If they provide a file, read it' is particularly concerning if the underlying agent environment does not strictly sandbox file system access. Implement strict sandboxing and access controls for file and network operations. For links, validate URLs against an allow-list of trusted domains. For files, restrict access to a designated, isolated working directory and prevent access to system paths. Explicitly inform the user about these limitations and require explicit confirmation before accessing any external resource or file.	LLM	SKILL.md:68
MEDIUM	Broad access to external integrations The skill requests access to 'Slack, Teams, Google Drive, SharePoint, or other MCP servers' via 'appropriate integration' to pull in context. While necessary for the skill's function, the term 'appropriate integration' is vague and the scope of access to these services is not defined. If the underlying integrations grant overly broad permissions (e.g., read access to all files/channels, not just those relevant to the current task), it could lead to excessive permissions and potential data exposure. Ensure that integrations are configured with the principle of least privilege. Access should be scoped as narrowly as possible (e.g., specific channels, folders, or documents) and require explicit user consent for each access attempt, rather than blanket permissions. The skill should clarify what 'appropriate integration' means and how its scope is managed.	LLM	SKILL.md:97

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/e5e7776e610ca905.svg)](https://skillshield.io/report/e5e7776e610ca905)