Security Audit
k8s-manifest-generator
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
k8s-manifest-generator received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted content attempts to instruct the host LLM.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted content attempts to instruct the host LLM The 'Instructions' section within the `SKILL.md` file, which is marked as untrusted input, contains directives intended for the host LLM. This is a prompt injection attempt where the skill tries to manipulate the LLM's behavior, including instructing it to 'Clarify goals,' 'Apply relevant best practices,' 'Provide actionable steps,' and 'open `resources/implementation-playbook.md`'. This violates the principle of treating untrusted content as data, not instructions. Remove all instructions intended for the host LLM from the untrusted `SKILL.md` content. These instructions should be part of the skill's trusted definition or prompt, not embedded within user-editable or untrusted skill documentation. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/b3d200a6a78c751e)
Powered by SkillShield