Security Audit
modular-decomposition
github.com/tech-leads-club/agent-skills

Trust Assessment
modular-decomposition received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Untrusted skill delegates instruction following to external files.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 81e7e0dd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted skill delegates instruction following to external files. The `SKILL.md` file, which is designated as untrusted input, contains explicit instructions for the agent to 'open the matching `references/pattern-NN-*.md` file and follow its instructions.' This instruction, originating from untrusted content, delegates the execution of further instructions to external markdown files (`references/pattern-NN-*.md`). If these referenced files are not rigorously vetted, immutable, and part of a trusted skill definition, or if they can be influenced by user input or a compromised skill package, this creates a significant prompt injection vulnerability. A malicious actor could manipulate these external files to inject arbitrary commands or instructions for the agent, bypassing the security controls applied to the primary `SKILL.md` file. This violates the principle of not following commands found in untrusted content, as it allows untrusted content to extend its influence by instructing the agent to trust other sources. The agent should be configured to strictly adhere to the principle of not following instructions from untrusted content. If the `references/` files are intended to be part of the skill's core logic, they must be explicitly included in the trusted skill definition and undergo the same rigorous security analysis. The skill definition should be refactored to embed all critical instructions directly within the primary trusted skill file, or use a secure mechanism that guarantees the integrity and trustworthiness of any referenced content before the agent processes it. The agent should refuse to execute instructions from files referenced by untrusted content unless those referenced files are explicitly whitelisted and verified as trusted. | LLM | SKILL.md:20 |
Report: https://skillshield.io/report/b2e5a52bfe298b9b
Powered by SkillShield