Security Audit
skill-rails-upgrade
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
skill-rails-upgrade received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Execution of user-controlled scripts and external binaries" and "Excessive file system and network access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Execution of user-controlled scripts and external binaries. The skill explicitly instructs the execution of multiple shell commands, including scripts located within the user's project's `bin/` directory (e.g., `bin/importmap`, `bin/rails`, `bin/dev`). It also executes external binaries like `npm` and `gh`. If a malicious actor modifies these local scripts or if the external binaries are compromised or configured with excessive permissions, the skill will execute arbitrary code with the permissions of the AI agent, leading to severe compromise of the user's environment and data. This includes potential data exfiltration, system modification, or installation of malware. Avoid direct execution of user-controlled scripts or external binaries without strict sandboxing, input validation, and explicit user confirmation for each command. If direct execution is unavoidable, ensure that the execution environment is highly restricted and isolated, and that all arguments are strictly validated against a whitelist of safe values. Consider using a dedicated, sandboxed execution environment for such operations. | LLM | SKILL.md:109 |
| HIGH | Excessive file system and network access. The skill requires broad access to the local file system (reading `Gemfile`, `package.json`, `config/application.rb`, `db/migrate/`, writing to `/tmp` for `rails new`) and network resources (fetching from `guides.rubyonrails.org`, `railsdiff.org`, and interacting with GitHub API via `gh`). While necessary for its stated purpose, this combination of permissions, especially when coupled with command execution capabilities, grants the skill significant power over the user's environment. This broad access increases the attack surface and the potential impact of any successful command injection or other vulnerabilities. Implement a least-privilege model, ensuring the skill only has access to the specific files and network resources absolutely necessary for its operation. Where possible, use dedicated, sandboxed tools or APIs that limit the scope of operations rather than general-purpose shell commands. Clearly communicate the required permissions to the user and obtain explicit consent. | LLM | SKILL.md:20 |