Security Audit
seo-content-planner
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
seo-content-planner received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Untrusted content instructs LLM to open a file" and "Untrusted content sets LLM's role and behavior".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Untrusted content instructs LLM to open a file.** The skill's `SKILL.md` contains an instruction for the host LLM to 'open `resources/implementation-playbook.md`'. Since the entire `SKILL.md` is marked as untrusted input, this constitutes a prompt injection attempt where untrusted content is dictating an action (file access) to the LLM. This could lead to unauthorized file reads or other actions if the LLM has file system access and the path can be manipulated. Remediation: remove direct instructions to the LLM from untrusted skill content. If file access is necessary, it should be mediated through a trusted tool or API with proper validation and access controls, not via direct LLM instruction. | LLM | skills/seo-content-planner/SKILL.md:21 |
| MEDIUM | **Untrusted content sets LLM's role and behavior.** The skill's `SKILL.md` contains instructions like 'You are an SEO content strategist...' and 'Focus on comprehensive coverage and logical content progression.' These are attempts by untrusted content to define the LLM's persona and direct its general behavior. This is a form of prompt injection, as untrusted input is manipulating the host LLM's internal state and processing. Remediation: all instructions for the LLM should originate from trusted system prompts or be explicitly passed as parameters to trusted tools. Untrusted skill content should only provide data or context, not direct instructions to the LLM. | LLM | skills/seo-content-planner/SKILL.md:23 |
Scan History
Full report: https://skillshield.io/report/937d49125ac7266f