Trust Assessment
embedding-strategies received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Third-Party Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 5d65aa10). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unpinned Third-Party Dependencies.** The skill's code examples rely on several external Python libraries (e.g., `langchain_voyageai`, `openai`, `sentence_transformers`, `tiktoken`, `nltk`, `tree_sitter_languages`, `numpy`, `scipy`). The provided skill context does not include a `requirements.txt` or similar mechanism to pin these dependencies to specific versions. This lack of version pinning introduces a supply chain risk, as a future malicious or vulnerable update to any of these libraries could be automatically pulled in during installation, potentially compromising the system. **Recommendation:** provide a `requirements.txt` file alongside the skill, explicitly listing all third-party dependencies with pinned versions (e.g., `package_name==1.2.3`). This ensures deterministic and secure dependency resolution. | Static | SKILL.md:43 |
Full report: https://skillshield.io/report/2b69c72d818783c1
Powered by SkillShield