Security Audit
typescript-advanced-types
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
typescript-advanced-types received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted skill attempts to instruct host LLM.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted skill attempts to instruct host LLM The skill's `SKILL.md` file, which is treated as untrusted input, contains direct instructions intended for the host LLM. This is a prompt injection attempt, as the untrusted skill is trying to dictate the LLM's behavior and actions, including potentially accessing local files (e.g., 'open `resources/implementation-playbook.md`'). Such instructions can manipulate the LLM to perform unintended actions or deviate from its primary task. Remove direct instructions to the host LLM from untrusted skill content. If the skill needs to guide the LLM's behavior, this should be done through trusted skill definitions or a secure skill execution environment, not via untrusted markdown. Specifically, remove instructions like 'Clarify goals...', 'Apply relevant...', 'Provide actionable...', and 'open `resources/implementation-playbook.md`'. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/07a5bb8ef947b956)
Powered by SkillShield