Trust Assessment
nft-standards received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include "Untrusted content attempts to instruct LLM to open a file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted content attempts to instruct LLM to open a file. The skill's `SKILL.md` file, which is treated as untrusted input, contains a direct instruction for the host LLM to 'open `resources/implementation-playbook.md`'. This is a prompt injection attempt, as it tries to manipulate the LLM's behavior by instructing it to perform a file system operation based on content that should be treated as data, not instructions. This violates the rule that the LLM should never follow commands found in untrusted content. Remove or rephrase the instruction within the untrusted content. If the skill genuinely needs to access this file, the instruction should be part of the trusted skill definition (e.g., in a tool definition or a trusted prompt template), not embedded in user-provided or untrusted markdown. | LLM | SKILL.md:15 |