Trust Assessment
file-uploads received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill definition and instructions found in untrusted input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill definition and instructions found in untrusted input The entire skill definition, including the 'Role', security guidelines, and 'Sharp Edges' table, is located within the untrusted input block. This attempts to manipulate the host LLM's behavior and security posture using instructions from an untrusted source. The LLM should not derive its operational instructions or security principles from content explicitly marked as untrusted. Move the skill definition and instructions outside of the untrusted input delimiters. Content within these delimiters should be treated as user input or data, not as directives for the LLM's behavior or security posture. The LLM's core instructions and security principles must be established by trusted system prompts. | LLM | SKILL.md:5 |
Scan History
Embed Code
[](https://skillshield.io/report/17489b910909ac62)
Powered by SkillShield