Trust Assessment
php-pro received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted skill instructs LLM to open local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted skill instructs LLM to open local file The skill definition, provided as untrusted content, contains a direct instruction for the host LLM to 'open' a local file (`resources/implementation-playbook.md`). This is a form of prompt injection where untrusted content dictates LLM behavior. If the LLM's file access is not strictly sandboxed, or if the file path could be manipulated by a subsequent prompt, this could lead to unauthorized file access or data exfiltration. Remove or rephrase instructions that directly command the LLM to perform actions like opening files. Instead, the skill should describe *what* information is available in the file, and the LLM's environment should handle file access securely and explicitly, perhaps through a dedicated tool call with strict path validation. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/1fd2ee9fbc604fa1)
Powered by SkillShield