Security Audit
frontend-ui-dark-ts
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
frontend-ui-dark-ts received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 0 critical, 13 high, 1 medium, and 0 low severity. Key findings include Covert behavior / concealment directives, Potential Command Injection via Quick Start Guide, Unpinned Dependencies in Quick Start Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings14
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:444 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:446 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:452 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:454 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:467 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:478 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:500 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:502 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:537 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:539 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:543 | |
| HIGH | Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/frontend-ui-dark-ts/SKILL.md:545 | |
| HIGH | Potential Command Injection via Quick Start Guide The 'Quick Start' section contains shell commands (`npm`, `npx`) that, if executed by an AI agent, could lead to arbitrary command execution. While these commands are standard for project setup, their presence in untrusted content poses a significant risk if the agent's execution environment does not properly sandbox or prevent execution of such instructions. Ensure the AI agent's execution environment strictly sandboxes or prevents the execution of shell commands found in untrusted skill descriptions. For human-readable guides, explicitly state that these commands are for the user to run, not the agent. Consider providing a safer, declarative way for the agent to understand dependencies if it needs to interact with them. | LLM | SKILL.md:30 | |
| MEDIUM | Unpinned Dependencies in Quick Start Installation The `npm install` commands in the 'Quick Start' guide do not specify exact package versions, relying on the 'latest' available. This introduces a supply chain risk, as installing unpinned dependencies can lead to the inclusion of vulnerable or malicious versions if a package maintainer pushes a compromised update. While the 'Stack' section lists `^` versions, the installation commands use `latest`. Pin exact versions for all dependencies in installation instructions (e.g., `npm install package@1.2.3`) to ensure deterministic and secure builds. Alternatively, provide a `package.json` and `package-lock.json` for deterministic installs. | LLM | SKILL.md:32 |
Scan History
Embed Code
[](https://skillshield.io/report/d428a52441856690)
Powered by SkillShield