Security Audit
tutorial-engineer
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
tutorial-engineer received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted content instructs LLM to open local file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted content instructs LLM to open local file The skill's instructions, provided as untrusted content, contain a directive for the LLM to 'open `resources/implementation-playbook.md`'. This is a direct instruction to the host LLM to interact with the local filesystem, which constitutes a prompt injection attempt to manipulate the LLM's behavior. If the LLM's file access is not properly sandboxed, this could be exploited to read arbitrary files, potentially leading to data exfiltration. Remove or rephrase the instruction to avoid direct commands to the LLM from untrusted content. If the intent is for the LLM to utilize the content of this file, it should be provided as part of the trusted context or the LLM should be instructed to 'refer to' or 'consider' the file, rather than 'open' it. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/de5bb8644b41f398)
Powered by SkillShield