Trust Assessment
The `readme` skill received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Potential Data Exfiltration of Secrets and Excessive Filesystem Read/Write Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Data Exfiltration of Secrets.** The skill instructs the LLM to 'Check `config/master.key`' and to 'thoroughly explore the codebase' including sensitive files like `.env.example` and `config/credentials.yml.enc`. While the intent is to document the *existence* and *purpose* of these files, an LLM might interpret 'check' or 'explore' as reading the *content* of these files. Given the instruction to be 'absurdly thorough,' there is a significant risk that the LLM could inadvertently include actual sensitive information (such as the `RAILS_MASTER_KEY` or example credentials from `.env.example`) in the generated `README.md`, leading to data exfiltration. Clarify instructions to explicitly forbid reading the *content* of sensitive files like `config/master.key` or `config/credentials.yml.enc`. Instruct the LLM to only document the *presence* and *purpose* of such files, and to use placeholder values for any examples. | LLM | SKILL.md:100 |
| MEDIUM | **Excessive Filesystem Read/Write Permissions.** The skill requires broad read access to the entire project directory for 'Deep Codebase Exploration' (e.g., reading all config files, dependency manifests, database schemas, etc.) and write access to the project root to create `README.md`. While necessary for the skill's function, this extensive filesystem access represents an excessive permission scope. If the LLM were compromised or misinterpreted instructions, this broad access could be abused to read or modify arbitrary files within the project directory. Implement strict sandboxing for the LLM's filesystem access, limiting it only to the files and directories absolutely necessary for generating the README. Consider a 'read-only' mode for exploration and a specific 'write-only' permission for `README.md`. | LLM | SKILL.md:56 |