Security Audit
hybrid-cloud-architect
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
hybrid-cloud-architect received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection via File Access Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection via File Access Instruction The skill's instructions, embedded within untrusted content, attempt to manipulate the host LLM by instructing it to 'open' a local file (`resources/implementation-playbook.md`). This is a direct prompt injection attempt, as the LLM is being given an instruction from untrusted input. If the LLM follows this instruction, it could lead to unauthorized file access, potential data exfiltration if the file contains sensitive information, or exploitation of excessive file system permissions. Remove or neutralize any instructions within the untrusted skill content that direct the LLM to perform actions like opening files. LLM instructions should only originate from trusted, pre-defined system prompts or tool definitions, not from user-provided or skill-provided markdown content. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/6a3abbfc56581682)
Powered by SkillShield