Security Audit
frontend-slides
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
frontend-slides received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 7 high, 0 medium, and 0 low severity. Key findings include covert behavior / concealment directives and shell command execution via an 'open' instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:270 |
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:402 |
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:613 |
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:626 |
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:633 |
| HIGH | Covert behavior / concealment directives: CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-slides/SKILL.md:640 |
| HIGH | Shell command execution via 'open' instruction: The skill explicitly instructs the host LLM to execute a shell command: `open [filename].html`. If the `[filename].html` value can be influenced by user input or contains shell metacharacters (e.g., `;`, `\|`, `&`), this could lead to arbitrary command execution on the host system. This is a direct command injection vector, as the LLM is instructed to run an external command. Avoid instructing the LLM to execute arbitrary shell commands. If opening a file is necessary, use a safer, sandboxed method provided by the LLM's environment, or ensure strict sanitization/validation of the filename to prevent shell metacharacters before execution. | LLM | SKILL.md:408 |