Security Audit
hig-technologies
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
hig-technologies received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted content attempts to instruct LLM to check for a file and modify behavior.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted content attempts to instruct LLM to check for a file and modify behavior The skill's `SKILL.md` file, which is treated as untrusted input, contains direct instructions to the host LLM. Specifically, the line 'Check for `.claude/apple-design-context.md` before asking questions. Use existing context and only ask for information not already covered.' attempts to manipulate the LLM's internal process by instructing it to look for a specific file and to alter its conversational strategy. This is a direct prompt injection, as it tries to make the LLM perform actions and modify its behavior based on untrusted content. Remove direct instructions to the LLM from untrusted skill content. Skill behavior should be defined by the manifest and skill code, not by instructions embedded in content intended for user consumption or as data. If the skill needs to access specific files, this should be handled through explicit tool calls or a defined skill execution environment, not via LLM instructions. | LLM | SKILL.md:3 |
Scan History
Embed Code
[](https://skillshield.io/report/8a280c449ee9ed1c)
Powered by SkillShield