Trust Assessment
frontend-blueprint received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Credential Handling Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 81e7e0dd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential Credential Handling Instruction The skill instructs the agent to guide users through an 'API Key method' for setting up 'Stitch MCP'. While the current document does not explicitly instruct the agent to store or transmit the API key, it directs the agent to solicit sensitive credentials from the user. The actual security risk depends on how the agent is instructed to handle these keys in `references/stitch-integration.md` and the underlying tool implementation. This pattern could lead to credential harvesting or mishandling if not properly secured. Review `references/stitch-integration.md` to ensure that any API keys or sensitive credentials solicited from the user are handled securely. Ensure the agent is explicitly instructed NOT to store, log, or transmit these credentials without explicit, secure user consent and proper encryption. If the agent needs to use the key, it should be passed directly to a secure tool/API and not retained by the agent itself. | LLM | SKILL.md:125 |
Scan History
Embed Code
[](https://skillshield.io/report/ccd194e16eb893c9)
Powered by SkillShield