Security Audit
javascript-testing-patterns
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
javascript-testing-patterns received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Prompt injection via instruction to open local file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Prompt injection via instruction to open local file.** The `SKILL.md` file, which is treated as untrusted input, contains a direct instruction for the host LLM: "open `resources/implementation-playbook.md`". This violates the security principle that untrusted content should not issue commands or instructions to the LLM. Such directives can manipulate the LLM's behavior, potentially leading to unintended actions or information disclosure if the LLM's file access capabilities are broader than intended or if the target file contains further malicious instructions. Remove direct instructions to the LLM from untrusted content. Any necessary file access should be explicitly defined and controlled by the trusted skill definition or tool configuration, not triggered by instructions embedded within untrusted markdown. The LLM should be programmed to access specific resources based on its trusted instructions, not based on commands from untrusted input. | LLM | skills/javascript-testing-patterns/SKILL.md:26 |