Trust Assessment
tool-design received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding (0 critical, 1 high, 0 medium, 0 low severity). The key finding is: Skill Recommends Risky 'File System Agent Pattern' with Direct Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill Recommends Risky 'File System Agent Pattern' with Direct Command Execution.** The skill, which focuses on tool design for agents, advocates for an 'Architectural Reduction' pattern, specifically 'The File System Agent Pattern'. This pattern suggests providing 'direct file system access through a single command execution tool', allowing agents to use 'standard Unix utilities (grep, cat, find, ls) to explore, understand, and operate on your system.' While this skill is documentation and does not execute code, it promotes a design pattern that, if implemented without extreme caution (e.g., robust sandboxing, strict allow-listing, and least privilege), can lead to severe command injection, data exfiltration, and excessive-permission vulnerabilities. The skill acknowledges that 'Safety constraints require limiting what the agent can do' but still promotes this pattern as outperforming complexity, without sufficient emphasis on the critical security controls required. **Recommendation:** Revise the 'File System Agent Pattern' section to strongly emphasize the critical security implications of direct file system access and command execution. Provide explicit warnings about the necessity of robust sandboxing, strict allow-listing of commands, least-privilege access, and careful input validation for any such tool. Detail the potential for command injection and data exfiltration if these controls are not meticulously implemented. Consider whether this pattern should be recommended at all without a comprehensive security framework in place, or whether it should be presented as an advanced pattern for highly controlled environments only. | LLM | SKILL.md:64 |
Full report: https://skillshield.io/report/f0abb46728f49d00
Powered by SkillShield