Security Audit
payment-integration
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
payment-integration received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include LLM persona and behavioral instructions in untrusted content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **LLM persona and behavioral instructions in untrusted content.** The skill package contains instructions within the untrusted content block that attempt to define the LLM's persona and guide its behavior. Specifically, the 'Instructions' section and the statement 'You are a payment integration specialist...' directly manipulate the host LLM's operational directives. While these instructions appear benign and aligned with the skill's purpose, they violate the principle of treating all content within the untrusted input delimiters as data, not instructions for the analyzer or host LLM. This pattern could be exploited if malicious instructions were inserted. Move LLM persona definitions and behavioral instructions outside the untrusted content block, or ensure the skill execution environment explicitly parses and applies such directives in a controlled, sandboxed manner, rather than allowing them as free-form prompt injection. | LLM | SKILL.md:19 |