Security Audit
python-development
github.com/skillcreatorai/Ai-Agent-SkillsTrust Assessment
python-development received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Loose dependency pinning in example `pyproject.toml`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| INFO | Loose dependency pinning in example `pyproject.toml` The `pyproject.toml` example demonstrates dependencies using loose version specifiers (`>=`). While this is common in examples, for production applications, strict pinning (`==`) or more restrictive ranges (`~=`) are generally recommended to ensure reproducibility, prevent unexpected breaking changes from upstream updates, and mitigate potential supply chain risks from malicious updates to newer versions. This is a best practice for projects developed using this skill, rather than a direct risk to the skill's execution environment. Advise users to strictly pin dependencies in their actual projects (e.g., `fastapi==0.104.1` or `fastapi~=0.104.0`). For the example itself, consider adding a comment or note about best practices for dependency pinning. | Static | SKILL.md:23 |
Scan History
Embed Code
[](https://skillshield.io/report/d9e103ca27c34489)
Powered by SkillShield