Trust Assessment
docs-writer received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the skill grants broad file write access without explicit path restrictions.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Skill grants broad file write access without explicit path restrictions. The skill instructs the agent to use `replace` and `write_file` tools for modifying and creating files. While these tools are necessary for the skill's purpose (writing documentation), the skill's instructions do not explicitly restrict the agent to specific directories (e.g., `/docs`, `/references`) for these write operations. This broad permission, if not adequately sandboxed by the underlying tool execution environment, could allow an attacker to prompt the agent to write to arbitrary locations, potentially overwriting critical system files or exfiltrating data by writing it to publicly accessible locations. Implement explicit path restrictions within the `replace` and `write_file` tool definitions to limit write operations to designated documentation directories (e.g., `/docs`, `/references`). Alternatively, add explicit instructions within the skill to only perform write operations within these specified directories, and ensure the agent strictly adheres to these constraints. | Unknown | SKILL.md:37 |