Security Audit
wiki-onboarding
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
wiki-onboarding received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Repository Read Access Requested.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad Repository Read Access Requested The skill explicitly instructs the LLM to 'Scan the repository for build files' and to cite specific file paths and line numbers from the codebase. This implies broad read access to the entire repository's file system, including potentially sensitive source code, configuration files, or other data. While necessary for the skill's stated function of generating comprehensive onboarding guides, this broad access, if not properly sandboxed, could be leveraged by a malicious prompt injection to exfiltrate sensitive data or expose internal system details. Implement strict sandboxing for file access, limiting the LLM's ability to read only necessary files/directories or preventing it from outputting raw file contents without explicit user confirmation. Consider a file access control list (ACL) or a virtualized file system that restricts access to sensitive areas (e.g., `.env` files, `.git` directories, `/etc/`). | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/14992d84669fffb4)
Powered by SkillShield