Security Audit
python-development
github.com/skillcreatorai/Ai-Agent-SkillsTrust Assessment
python-development received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Loose dependency pinning in example `pyproject.toml`.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| INFO | Loose dependency pinning in example `pyproject.toml` The `pyproject.toml` example demonstrates dependencies using loose version specifiers (`>=`). While this is common in examples, for production applications, strict pinning (`==`) or more restrictive ranges (`~=`) are generally recommended to ensure reproducibility, prevent unexpected breaking changes from upstream updates, and mitigate potential supply chain risks from malicious updates to newer versions. This is a best practice for projects developed using this skill, rather than a direct risk to the skill's execution environment. Advise users to strictly pin dependencies in their actual projects (e.g., `fastapi==0.104.1` or `fastapi~=0.104.0`). For the example itself, consider adding a comment or note about best practices for dependency pinning. | Unknown | SKILL.md:23 |
Scan History
Embed Code
[](https://skillshield.io/report/d9e103ca27c34489)
Powered by SkillShield