Security Audit
gitlab-ci-patterns
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
gitlab-ci-patterns received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Unpinned Docker image tag in CI/CD example" and "Insecure TLS verification enabled in Kubernetes configuration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 64/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Insecure TLS verification enabled in Kubernetes configuration.** The `.deploy_template` in the GitLab CI/CD example configures `kubectl` with `--insecure-skip-tls-verify=true`. This flag disables TLS certificate verification, making the connection to the Kubernetes API server vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept and tamper with communication, potentially leading to credential compromise or unauthorized access to the Kubernetes cluster. While this is an example, promoting such a practice, even in a template, is a significant security risk. Remove `--insecure-skip-tls-verify=true` and ensure proper TLS certificate validation is in place. This typically involves configuring `kubectl` with a trusted CA certificate for the Kubernetes API server. | LLM | SKILL.md:88 |
| MEDIUM | **Unpinned Docker image tag in CI/CD example.** The GitLab CI/CD example uses `bitnami/kubectl:latest`. Using the `latest` tag for Docker images in CI/CD pipelines is a supply chain risk. The `latest` tag can change at any time, leading to non-reproducible builds, unexpected behavior, or the introduction of vulnerabilities if a new `latest` version contains breaking changes or security flaws. Recommend pinning the Docker image to a specific, immutable version (e.g., `bitnami/kubectl:1.28.4` or `bitnami/kubectl:1.28.4-debian-11-r0`) to ensure reproducibility and security. | LLM | SKILL.md:71 |
| MEDIUM | **Unpinned Docker image tag in CI/CD example.** The GitLab CI/CD example uses `bitnami/kubectl:latest` within the `.deploy_template`. Using the `latest` tag for Docker images in CI/CD pipelines is a supply chain risk. The `latest` tag can change at any time, leading to non-reproducible builds, unexpected behavior, or the introduction of vulnerabilities if a new `latest` version contains breaking changes or security flaws. Recommend pinning the Docker image to a specific, immutable version (e.g., `bitnami/kubectl:1.28.4` or `bitnami/kubectl:1.28.4-debian-11-r0`) to ensure reproducibility and security. | LLM | SKILL.md:85 |
| MEDIUM | **Unpinned Docker image tag in CI/CD example.** The GitLab CI/CD example for security scanning uses `aquasec/trivy:latest`. Using the `latest` tag for Docker images in CI/CD pipelines is a supply chain risk. The `latest` tag can change at any time, leading to non-reproducible builds, unexpected behavior, or the introduction of vulnerabilities if a new `latest` version contains breaking changes or security flaws. Recommend pinning the Docker image to a specific, immutable version (e.g., `aquasec/trivy:0.48.0`) to ensure reproducibility and security. | LLM | SKILL.md:151 |
Full report: https://skillshield.io/report/26c5dc95de920b67