Trust Assessment
gitlab-ci-patterns received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Insecure Kubernetes TLS Verification Disabled.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 0818067b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Insecure Kubernetes TLS Verification Disabled The provided GitLab CI/CD template for Kubernetes deployment explicitly disables TLS certificate verification using `--insecure-skip-tls-verify=true`. This practice significantly weakens the security of the connection to the Kubernetes API server, making it vulnerable to man-in-the-middle (MITM) attacks. An attacker could intercept or tamper with communication, potentially leading to credential harvesting (e.g., `$KUBE_TOKEN`) or unauthorized control over the Kubernetes cluster. Remove the `--insecure-skip-tls-verify=true` flag. Ensure that the Kubernetes API server uses a trusted TLS certificate and configure `kubectl` to validate it. If using a private CA, ensure the CA certificate is properly configured and trusted within the CI environment. | LLM | SKILL.md:75 |
Scan History
Embed Code
[](https://skillshield.io/report/da9402dea910ecce)
Powered by SkillShield