mattermost-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface. The skill ingests untrusted data from external Mattermost chat conversations that could contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Output from the `mm dms` and `mm channels` commands.
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions for the agent to treat chat content as untrusted data.
  - Capability inventory: The agent has the ability to read private messages, list channels, and use shell redirection.
  - Sanitization: The skill claims to redact secrets but does not provide sanitization against natural language command injection within chat messages.
- DATA_EXFILTRATION (LOW): Local data exposure risks.
  - The skill accesses its own configuration file at `~/.config/mattermost-cli/config.toml`, which contains sensitive API tokens (MM_TOKEN). While necessary for the tool's function, this is a sensitive credential path.
  - Example workflows suggest writing sensitive JSON chat data to `/tmp/bob-chat.json`. On multi-user systems, data written to `/tmp/` without specific permissions may be accessible to other local users.
- COMMAND_EXECUTION (SAFE): The skill utilizes a local `mm` CLI tool. There are no patterns of remote code execution, dynamic code generation, or downloads from untrusted sources detected in the provided file.
Audit Metadata