Security Audit

HTML Injection Testing

github.com/sickn33/antigravity-awesome-skills

Partial VerificationCommit 9f5351e844df

CRITICAL

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

This report is partially verified. Deterministic layers ran, but LLM behavioral analysis (L4) was not executed for this scan.

The current score of 10/100 is provisional and may change after a full L4 verification run.

Last analyzed on February 20, 2026 (commit 9f5351e8). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral SafetyNot run

—

Security Findings7

Severity	Finding	Layer	Location
HIGH	Covert behavior / concealment directives HTML comment containing suspicious keywords Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:36
HIGH	Covert behavior / concealment directives HTML comment containing suspicious keywords Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:144
HIGH	Covert behavior / concealment directives HTML comment containing suspicious keywords Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:161
HIGH	Covert behavior / concealment directives HTML comment containing suspicious keywords Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:187
HIGH	Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:239
HIGH	Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:262
HIGH	Covert behavior / concealment directives CSS-based text hiding Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users.	Manifest	skills/html-injection-testing/SKILL.md:298

HTML Injection Testing

Trust Assessment

Layer Breakdown

Security Findings7

Scan History