Security Audit
istio-traffic-management
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
istio-traffic-management received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Potential Command Injection via Bash Code Blocks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Potential Command Injection via Bash Code Blocks: The skill contains `bash` code blocks under the 'Debugging Commands' section. If the LLM's execution environment is configured to interpret and execute code blocks from untrusted skill content, this could lead to command injection. While the specific `istioctl` commands provided are diagnostic and generally safe, the presence of executable code blocks represents a potential vulnerability if malicious commands were present or if the execution environment is not properly sandboxed. Ensure that LLM execution environments do not automatically execute code blocks from untrusted skill content. If execution is intended, implement strict sandboxing and allowlisting of commands. Alternatively, present these commands as text only, without implying executability. | LLM | SKILL.md:314 |