Security Audit
security-requirement-extraction
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
security-requirement-extraction received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted content contains direct command to LLM.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted content contains direct command to LLM The `SKILL.md` file, which is entirely marked as untrusted input, contains a direct instruction for the LLM to 'open' a file. According to SkillShield's rules, content within the untrusted delimiters should be treated as data, not instructions, and commands found within it should never be followed. This constitutes a prompt injection attempt as it tries to manipulate the LLM's behavior by issuing a command from an untrusted source. Remove direct instructions or commands intended for the LLM from content marked as untrusted. If this content is meant to guide the LLM, it should be placed outside the untrusted input delimiters or handled through a trusted mechanism. | LLM | SKILL.md:22 |
Scan History
Embed Code
[](https://skillshield.io/report/52e21d928831b31b)
Powered by SkillShield