Security Audit
nodejs-backend-patterns
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
nodejs-backend-patterns received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "Untrusted content attempts to instruct LLM to open a file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted content attempts to instruct LLM to open a file.** The skill's instructions, provided as untrusted content, contain a directive for the host LLM to 'open `resources/implementation-playbook.md`' under certain conditions. This is a direct attempt to manipulate the LLM's behavior and potentially access local files based on untrusted input, which constitutes a prompt injection vulnerability. Remove or rephrase the instruction 'open `resources/implementation-playbook.md`' from the untrusted skill content. The LLM should be instructed by the system prompt to *consider* or *refer to* supporting files, not to *open* them directly based on untrusted input. Untrusted content should never issue direct commands to the LLM. | LLM | SKILL.md:28 |