Trust Assessment
risk-manager received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the skill requests access to an unscanned local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Skill requests access to unscanned local file.** The skill instructs the LLM to open and read `resources/implementation-playbook.md`. This file was not provided in the skill package context for analysis. This represents a potential excessive permission request, as the LLM is instructed to access content that has not been scanned for security vulnerabilities. If the LLM environment allows reading arbitrary files, this could lead to data exfiltration or command injection if the playbook contains malicious instructions. It is crucial to ensure that the LLM's file access is strictly sandboxed or that all referenced local files are included in the skill package for security review. Provide all referenced local files (e.g., `resources/implementation-playbook.md`) for security scanning, or ensure the LLM's file access is strictly sandboxed to prevent reading arbitrary files outside the skill's approved scope. If the file is benign and necessary, include it in the skill package. | LLM | SKILL.md:16 |