Trust Assessment
ruby-pro received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted content attempts to instruct LLM to open a file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted content attempts to instruct LLM to open a file The skill's untrusted `SKILL.md` content contains a direct instruction for the host LLM: 'If detailed examples are required, open `resources/implementation-playbook.md`.' This is a prompt injection attempt, as untrusted input should not be able to issue commands or direct the LLM's actions, especially those involving file system interaction. If the LLM follows this instruction, it could lead to unintended file access or information disclosure, bypassing the intended control flow of the agent. Remove or rephrase the instruction within the untrusted content. If file access is intended, it should be explicitly defined as a tool call or capability within the trusted skill definition, not as a natural language instruction from untrusted input. The LLM should be strictly instructed to ignore commands or actions embedded in untrusted skill descriptions. | LLM | SKILL.md:18 |
Scan History
Embed Code
[](https://skillshield.io/report/ef97f4aba01bbab7)
Powered by SkillShield