Security Audit
on-call-handoff-patterns
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
on-call-handoff-patterns received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Untrusted content instructs LLM to open local file" and "Potentially dangerous shell command snippets present".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted content instructs LLM to open local file.** The skill's instructions, embedded within untrusted content, direct the host LLM to open a local file (`resources/implementation-playbook.md`). This is a prompt injection attempt, as untrusted content should not issue commands to the LLM, manipulating its behavior beyond its intended scope. Remediation: Remove direct instructions to the LLM from untrusted content. If file access is intended, it should be explicitly defined as a tool call or capability, not an instruction within the skill's natural language. | LLM | SKILL.md:20 |
| HIGH | **Potentially dangerous shell command snippets present.** The skill contains multiple `bash` code blocks with commands like `kubectl`, `psql`, and `redis-cli`. If an AI agent executes these commands without proper sandboxing, validation, or user confirmation, it could lead to command injection, allowing arbitrary code execution on the host system. The `redis-cli FLUSHDB` command is particularly destructive as it can cause data loss. Remediation: Implement strict sandboxing for shell command execution. Require explicit user confirmation before executing any shell commands. Avoid providing direct shell commands in skill definitions if the agent is not designed to safely execute them. Consider replacing direct shell commands with safer, abstracted tool calls. | LLM | SKILL.md:157 |