Trust Assessment
writing-guidelines received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Indirect Prompt Injection via Unpinned Remote Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit f8a72b96). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Indirect Prompt Injection via Unpinned Remote Instructions The skill fetches instructions dynamically from a remote URL (https://raw.githubusercontent.com/vercel-labs/writing-guidelines/main/command.md) using the 'main' branch and instructs the LLM to follow the rules and instructions contained within. Because the remote content is not pinned to a specific commit hash and is executed directly by the LLM, an attacker who compromises the remote repository or modifies the file can inject malicious instructions (Indirect Prompt Injection). This could lead to unauthorized file access, data exfiltration, or arbitrary command execution within the agent's environment. Pin the remote resource to a specific, immutable commit hash instead of the 'main' branch (e.g., use a specific commit SHA in the URL). Additionally, sanitize or restrict the fetched content to ensure it only contains declarative rules rather than executable instructions or system prompts. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/c9d9bb3ff2159a90)
Powered by SkillShield