Security Audit
Sounder25/Google-Antigravity-Skills-Library:17_impasse_detector
github.com/Sounder25/Google-Antigravity-Skills-Library

Trust Assessment
Sounder25/Google-Antigravity-Skills-Library:17_impasse_detector received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read via Parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read via Parameter | Static | scripts/detect_impasse.ps1:43 |

Description: The skill allows reading arbitrary files from the filesystem via the `--TranscriptPath` parameter. An attacker could specify a path to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment configuration files) and potentially exfiltrate their contents indirectly through the analysis output, or at least confirm their existence and size. The skill's purpose is to analyze conversation logs, but the implementation does not restrict file access to specific, safe directories or file types.

Recommendation: Restrict file access to a predefined, safe directory (e.g., a dedicated logs folder) or enforce strict file extension validation (e.g., only `.log`, `.json`). Alternatively, prioritize direct content input over file paths to minimize filesystem interaction, or implement a mechanism for explicit user confirmation before accessing files outside a designated safe zone.
Scan History
Full report: https://skillshield.io/report/f0107117b9b265c4