Trust Assessment
kpi-dashboard-design received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection: Instruction to read external file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 0818067b). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Prompt Injection: Instruction to read external file The untrusted content contains a direct instruction to the host LLM to read an external file (`references/details.md`). This is a prompt injection attempt, as the LLM is being manipulated to perform an action based on untrusted input, potentially leading to information disclosure or further manipulation if the referenced file contains malicious content or sensitive information. Remove or neutralize any instructions within untrusted content that direct the LLM to perform actions, especially file system operations. The LLM should be strictly instructed to treat content within untrusted delimiters as data, not commands. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/5ebe30451dbaf104)
Powered by SkillShield