Security Audit
mermaid-expert
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
mermaid-expert received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill instructs LLM to access local file system".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill instructs LLM to access local file system. The skill contains an instruction for the LLM to 'open `resources/implementation-playbook.md`'. This implies the ability to access and read files from the local file system. If the skill's execution environment allows this, it could lead to unauthorized data access or exfiltration of sensitive information from other files within the skill's directory or accessible paths. This also indicates a potential excessive permission (SS-LLM-005) if file system access is not strictly sandboxed. Remove or rephrase the instruction to avoid direct file system access. If `resources/implementation-playbook.md` is intended as an internal knowledge base document, ensure it is loaded securely by the skill's runtime environment and not via a direct 'open' command from the LLM. If file access is genuinely necessary, ensure it is strictly sandboxed and limited to approved, non-sensitive paths. | LLM | SKILL.md:16 |