Security Audit
minecraft-bukkit-pro
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
minecraft-bukkit-pro received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include "Untrusted content attempts to force LLM tool usage (WebSearch)" and "Untrusted content attempts to force LLM tool usage (WebSearch, WebFetch)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Untrusted content attempts to force LLM tool usage (WebSearch) | The untrusted skill content includes an instruction for the LLM to 'Always use WebSearch for current best practices and existing solutions'. This is an attempt to manipulate the LLM into calling a tool (`WebSearch`) that may not be explicitly granted or intended for this skill, bypassing security controls. | Remove or rephrase instructions within the untrusted skill content that direct the LLM to use specific tools (e.g., WebSearch, WebFetch) or perform actions outside its defined capabilities. | LLM | SKILL.md:49 |
| CRITICAL | Untrusted content attempts to force LLM tool usage (WebSearch, WebFetch) | The untrusted skill content includes an instruction for the LLM to 'Always leverage WebSearch and WebFetch to ensure best practices and find existing solutions'. This is an attempt to manipulate the LLM into calling tools (`WebSearch`, `WebFetch`) that may not be explicitly granted or intended for this skill, bypassing security controls. | Remove or rephrase instructions within the untrusted skill content that direct the LLM to use specific tools (e.g., WebSearch, WebFetch) or perform actions outside its defined capabilities. | LLM | SKILL.md:92 |