Trust Assessment
prisma-expert received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 2 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: Shell RC file modification, Potential Command Injection via Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/prisma-expert/SKILL.md:276 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/prisma-expert/SKILL.md:288 | |
| CRITICAL | Potential Command Injection via Shell Execution The skill's content includes multiple `bash` command snippets (e.g., `npx prisma`, `grep`, `ls`, `psql`). If the host LLM is configured to execute these commands, an attacker could potentially inject malicious commands or arguments, leading to arbitrary code execution, system compromise, or unauthorized actions. The `psql` command, in particular, allows direct interaction with a database, which could be highly sensitive. Implement strict sandboxing for skill execution environments. Disallow direct shell command execution from untrusted skill content. If specific CLI tools are required, expose them via a highly restricted, allow-listed API that sanitizes all inputs and limits capabilities. | LLM | SKILL.md:15 | |
| HIGH | Potential Data Exfiltration via File System and Database Access The skill suggests executing commands like `grep "provider" prisma/schema.prisma`, `ls -la prisma/migrations/`, and `psql -c "SELECT count(*) FROM pg_stat_activity WHERE datname = 'your_db';"`. If the LLM executes these commands, an attacker could manipulate inputs to read arbitrary files from the file system, list sensitive directory contents, or query and exfiltrate data from connected databases. Restrict file system and database access to the absolute minimum necessary. Ensure that any file paths or database queries are not constructible from untrusted user input. Implement robust input validation and sanitization for any commands or functions that interact with the file system or database. | LLM | SKILL.md:18 | |
| HIGH | Skill Requests Excessive System Permissions The skill's design, which relies heavily on the execution of shell commands (`npx`, `grep`, `ls`, `psql`), implicitly requests broad system permissions. This includes the ability to execute arbitrary processes, read/list files, and interact with databases. Granting such extensive permissions to an AI agent skill creates a large attack surface and increases the potential impact of a security breach. Adhere to the principle of least privilege. Skills should only be granted the narrowest set of permissions required for their intended function. Instead of general shell access, provide specific, sandboxed tools or APIs that perform only the necessary operations with validated inputs. | LLM | SKILL.md:15 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/prisma-expert/SKILL.md:276 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/prisma-expert/SKILL.md:288 |
Scan History
Embed Code
[](https://skillshield.io/report/50a2a731fc3f647a)
Powered by SkillShield