keyid-agent-kit-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages the use of npx to fetch and run the @keyid/agent-kit package from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The configuration examples for Claude Desktop and Cursor specify the execution of remote code via npx @keyid/agent-kit. This pattern executes the latest version of the tool directly from the network during agent startup.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection attacks by allowing the agent to read external, untrusted content.
      • Ingestion points: External email data is ingested via tools such as keyid_get_inbox and keyid_get_thread (as described in SKILL.md).
      • Boundary markers: The skill does not define specific delimiters or "ignore instructions" warnings to wrap incoming email content.
      • Capability inventory: The agent possesses significant capabilities that could be exploited via injection, including sending emails (keyid_send), modifying auto-replies (keyid_set_auto_reply), and managing contacts (keyid_create_contact).
      • Sanitization: There is no evidence of content sanitization or validation performed on incoming email text before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 06:29 AM