Security Audit
requesting-code-review
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
requesting-code-review received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Direct Shell Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Direct Shell Command Execution: The skill explicitly provides shell commands (`git rev-parse`, `git log`, `awk`) within its instructions, expecting the AI agent (or user) to execute them. If the agent's execution environment is not properly sandboxed, these commands could be exploited for arbitrary code execution. The `awk` command, while processing `git log` output in this instance, represents a more complex shell pipeline that could be vulnerable if any part of its input were untrusted or if the agent's execution context allows for broader command interpretation. Implement strict sandboxing for all shell command execution initiated by AI agents. Ensure that any commands executed are explicitly whitelisted or passed through a secure command execution wrapper that validates and sanitizes inputs. Avoid direct execution of shell commands provided within untrusted skill content without robust security controls and user confirmation. | LLM | SKILL.md:20 |