Security Audit

team-collaboration-standup-notes

github.com/sickn33/antigravity-awesome-skills

AI SkillCommit e36d6fd3b3f6

TRUSTED

Scanned 1 day ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

team-collaboration-standup-notes received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill requests access to multiple sensitive user data sources.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Skill requests access to multiple sensitive user data sources The skill explicitly declares requirements for integrations that provide access to sensitive user data, including Obsidian vaults, Jira tickets, Git commit history, and calendar events. While access to these sources may be necessary for the skill's stated function (generating standup notes), the broad nature of 'Vault access' and 'Jira ticket queries' could lead to excessive permissions if the underlying `mcp-obsidian` and `atlassian` integrations are configured with wider scopes (e.g., write access, access to all data) than strictly required. This creates a potential risk if the skill were to be compromised or behave maliciously, as it would have access to a significant amount of personal and project-related data. Ensure that the `mcp-obsidian` and `atlassian` integrations are configured with the principle of least privilege, granting only the minimum necessary read-only access to specific vaults/projects required for the skill's operation. Implement granular permission controls for these integrations to prevent unintended data exposure or manipulation.	LLM	SKILL.md:30

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/786311fc65f9e483.svg)](https://skillshield.io/report/786311fc65f9e483)