Security Audit
rag-implementation
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
rag-implementation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is potential data transmission to third-party services.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential data transmission to third-party services | LLM | SKILL.md:70 |

The provided code snippets demonstrate the use of `OpenAIEmbeddings` and `OpenAI` for processing documents and queries, and `Pinecone` and `Weaviate` for vector storage. These services typically involve sending user data (documents, text chunks, queries) to external APIs or managed databases. If the documents loaded via `DirectoryLoader` contain sensitive or proprietary information, this data will be transmitted to these third-party services. While the 'Safety' section in the skill's description advises to 'Redact sensitive data and enforce access controls', the example code does not implement these measures, potentially leading to unintended data exposure if used directly with sensitive data.

Implement robust data redaction, anonymization, or access control mechanisms before sending any sensitive data to third-party services. Ensure users are fully aware of the data privacy policies and security practices of all integrated external services (e.g., OpenAI, Pinecone, Weaviate). For highly sensitive data, consider using local or self-hosted alternatives for embedding models and vector databases.