Trust Assessment
hig-platforms received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include "Untrusted instruction to access local file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted instruction to access local file. The skill contains an instruction within untrusted content (`SKILL.md`) that directs the host LLM to 'Check for `.claude/apple-design-context.md`'. This is a prompt injection attempt, as it tries to manipulate the LLM's behavior by instructing it to interact with the local filesystem. If the LLM has file access capabilities, this could lead to unauthorized reading of local files, potentially exfiltrating sensitive information or revealing internal system structure. Remove or rephrase the instruction to avoid direct commands to the LLM regarding file system interaction. If the intent is to inform the LLM about available context, this should be handled by the skill's environment or explicit tool definitions, not as an instruction embedded in untrusted markdown. | LLM | skills/hig-platforms/SKILL.md:6 |