Security Audit
mobile-developer
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
mobile-developer received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted skill content attempts to instruct LLM to open a local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted skill content attempts to instruct LLM to open a local file The skill's `SKILL.md` file, which is treated as untrusted input, contains a direct instruction for the LLM to open a local file (`resources/implementation-playbook.md`). This is a prompt injection attempt, as it tries to manipulate the host LLM's behavior by issuing a command from untrusted content. If the LLM were to follow this instruction, it could lead to unauthorized file access or information disclosure. Remove or neutralize any instructions or commands intended for the LLM from the skill's definition, especially within untrusted content. Ensure the LLM is hardened against following such directives from skill definitions. | LLM | SKILL.md:22 |
Scan History
Embed Code
[](https://skillshield.io/report/c5b16cc42a1dc44b)
Powered by SkillShield