Security Audit
Sounder25/Google-Antigravity-Skills-Library:15_generate_gitignore
github.com/Sounder25/Google-Antigravity-Skills-LibraryTrust Assessment
Sounder25/Google-Antigravity-Skills-Library:15_generate_gitignore received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary URL fetching for .gitignore templates, Potential command injection/path traversal via --workspace-path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary URL fetching for .gitignore templates The skill's implementation explicitly states it 'Validates input templates against GitHub/gitignore API or raw URLs' and 'Fetches content for each requested template'. Allowing 'raw URLs' for fetching templates introduces significant supply chain risks, potential for Server-Side Request Forgery (SSRF), and data exfiltration. An attacker could provide a URL to a malicious server, causing the skill's execution environment to make requests to arbitrary external or internal resources. This could lead to: 1) SSRF by targeting internal network services, 2) Data exfiltration by logging request metadata (IP, user-agent) on an attacker-controlled server, or 3) Supply chain risk by injecting arbitrary, potentially harmful, content into the user's .gitignore file (e.g., ignoring critical security files or including misleading comments that could be part of a social engineering attack). Restrict template sources to a predefined allowlist (e.g., only `github.com/github/gitignore` and specific subpaths). If custom URLs are absolutely necessary, implement strict URL validation to prevent arbitrary external/internal requests, and consider sandboxing network requests to prevent SSRF and limit data exfiltration. Ensure content fetched from external sources is thoroughly sanitized before being written to the file system. | Static | SKILL.md:36 | |
| MEDIUM | Potential command injection/path traversal via --workspace-path The skill accepts a `--workspace-path` parameter which defaults to the current directory. If the underlying `generate_gitignore.ps1` script uses this user-supplied path directly in file system operations or shell commands without proper sanitization, it could be vulnerable to command injection or path traversal. An attacker could craft a malicious path (e.g., `../../../../etc/passwd` or `.; rm -rf /`) to access restricted directories, overwrite critical files, or execute arbitrary commands on the host system. Ensure all user-supplied path inputs, such as `--workspace-path`, are rigorously sanitized and validated to prevent directory traversal characters (`..`, `/`, `\`) and command injection characters (`;`, `&`, `|`, etc.). Use platform-specific safe path manipulation functions (e.g., `Join-Path` in PowerShell) and validate that the resolved path remains within the intended working directory or a designated safe area. | Static | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/1d4482a41780559b)
Powered by SkillShield