Security Audit

Sounder25/Google-Antigravity-Skills-Library:08_context_pruner

github.com/Sounder25/Google-Antigravity-Skills-Library

AI SkillCommit 09376edc64e9

CAUTION

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

Sounder25/Google-Antigravity-Skills-Library:08_context_pruner received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via user-controlled input to PowerShell script, Broad filesystem access enabling potential sensitive data exposure.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.

Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

63%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Potential Command Injection via user-controlled input to PowerShell script The skill's implementation is explicitly stated to be in `prune_context.ps1`, a PowerShell script. The `--focus` parameter, which is a user-controlled string, is passed directly to this script. If the `prune_context.ps1` script does not properly sanitize or escape this input before using it in shell commands (e.g., `Select-String`, `Get-ChildItem -Filter`), a malicious user could inject arbitrary PowerShell commands. This could lead to remote code execution, data exfiltration, or system compromise. The `prune_context.ps1` script must implement robust input sanitization and validation for the `--focus` parameter. Avoid direct string interpolation into shell commands. Instead, use safe PowerShell cmdlets with proper parameter binding (e.g., `-LiteralPath`, `-Filter` with careful escaping, or `-Pattern` for regex where appropriate) to prevent command injection.	Static	SKILL.md:37
MEDIUM	Broad filesystem access enabling potential sensitive data exposure The skill is designed to search the entire workspace for files based on user-provided keywords (`--focus`) and output their absolute paths in `RELEVANT_FILES.txt`. This broad read access to the filesystem, combined with the agent's ability to then read these identified files, could allow an attacker to craft a `--focus` query to locate and expose sensitive files (e.g., `.env` files, configuration files containing credentials, private keys, or other sensitive data) to the agent. While the skill itself doesn't directly exfiltrate the content, it provides the means for the agent to gain access to and potentially misuse sensitive information. Consider restricting the scope of file searching to specific, non-sensitive directories or file types. Implement a whitelist of allowed file extensions or paths. Add explicit warnings or safeguards against searching for known sensitive file types. Ensure the agent's overall permissions are configured with the principle of least privilege.	Static	SKILL.md:10

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/fb3bbf5790460af0.svg)](https://skillshield.io/report/fb3bbf5790460af0)