Security Audit
m365-agents-ts
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
m365-agents-ts received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is unpinned npm dependencies in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned npm dependencies in installation instructions. The `npm install` commands provided in the documentation do not specify exact versions for the packages. This can lead to non-deterministic builds and introduces a supply chain risk where a malicious update to a dependency could be automatically pulled in without explicit review. While the 'Before implementation' section advises confirming package versions, the installation commands themselves do not enforce pinning. Pin all dependencies to specific versions (e.g., `npm install <package>@<version>`) in the installation instructions. Alternatively, provide a `package.json` and `package-lock.json` and instruct users to use `npm ci` for deterministic installs. | LLM | SKILL.md:30 |