Security Audit
web-design-guidelines
github.com/tech-leads-club/agent-skills
Trust Assessment
web-design-guidelines received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Arbitrary File Read, Excessive File System Permissions Implied by Skill Design.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 81e7e0dd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Data Exfiltration via Arbitrary File Read.** The skill explicitly states its intention to 'Read the specified files' and process their content. If a malicious user provides paths to sensitive system files (e.g., `/etc/passwd`, `.env` files, private keys, application logs), the skill could read these files and expose their contents in its output, leading to data exfiltration. The skill's output format, which includes 'State issue + location' and 'Skip explanation unless fix is non-obvious', implies that portions of the file content might be included in the findings. Remediation: implement strict input validation for file paths to prevent reading arbitrary files; restrict file access to specific, non-sensitive directories and file types; sanitize or redact any potentially sensitive information from the skill's output before it is returned to the user. | Static | SKILL.md:8 |
| HIGH | **Excessive File System Permissions Implied by Skill Design.** The skill's core functionality, 'Review UI code for Web Interface Guidelines compliance', requires reading user-specified files, and the manifest's `argument-hint` indicates a `<file-or-pattern>` input. The agent executing this skill will therefore need file system read access. If the agent's execution environment grants broad read access to the entire file system, rather than being strictly confined to a sandbox or to specific, non-sensitive directories, the skill runs with excessive permissions, and a malicious user could use it to read sensitive files outside the intended scope of UI code review. Remediation: sandbox the agent's execution environment under the principle of least privilege; grant only the minimal necessary file system read permissions, ideally restricted to specific project directories or temporary workspaces, and disallow access to system-level or user-sensitive paths. | Static | Manifest:1 |
Full report: https://skillshield.io/report/30258616d75c831d
Powered by SkillShield