Security Audit
senior-architect
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
senior-architect received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 0 medium, and 3 low severity. Key findings include Sensitive path disclosure via output file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Sensitive path disclosure via output file The script accepts a 'target' path as a command-line argument and includes its string representation in the JSON output. If the '--json' and '--output' flags are used, this output, including the potentially sensitive 'target' path string, is written to an arbitrary file path specified by the user. An attacker could provide a path to a sensitive file or directory (e.g., '/etc/passwd', '~/.ssh/') as the 'target' argument and direct the output to a publicly accessible location, leading to the disclosure of the sensitive path string. Consider redacting or sanitizing the 'target' path in the output if it's not strictly necessary for the report, especially when writing to user-specified output files. Alternatively, restrict the allowed 'target' paths or output file locations to prevent disclosure of sensitive system information. | LLM | scripts/architecture_diagram_generator.py:100 | |
| LOW | Sensitive path disclosure via output file The script accepts a 'target' path as a command-line argument and includes its string representation in the JSON output. If the '--json' and '--output' flags are used, this output, including the potentially sensitive 'target' path string, is written to an arbitrary file path specified by the user. An attacker could provide a path to a sensitive file or directory (e.g., '/etc/passwd', '~/.ssh/') as the 'target' argument and direct the output to a publicly accessible location, leading to the disclosure of the sensitive path string. Consider redacting or sanitizing the 'target' path in the output if it's not strictly necessary for the report, especially when writing to user-specified output files. Alternatively, restrict the allowed 'target' paths or output file locations to prevent disclosure of sensitive system information. | LLM | scripts/dependency_analyzer.py:100 | |
| LOW | Sensitive path disclosure via output file The script accepts a 'target' path as a command-line argument and includes its string representation in the JSON output. If the '--json' and '--output' flags are used, this output, including the potentially sensitive 'target' path string, is written to an arbitrary file path specified by the user. An attacker could provide a path to a sensitive file or directory (e.g., '/etc/passwd', '~/.ssh/') as the 'target' argument and direct the output to a publicly accessible location, leading to the disclosure of the sensitive path string. Consider redacting or sanitizing the 'target' path in the output if it's not strictly necessary for the report, especially when writing to user-specified output files. Alternatively, restrict the allowed 'target' paths or output file locations to prevent disclosure of sensitive system information. | LLM | scripts/project_architect.py:100 |
Scan History
Embed Code
[](https://skillshield.io/report/e5c2ec97822f6ec3)
Powered by SkillShield