agent-deck

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill's primary function involves configuring and launching Model Context Protocol (MCP) servers defined in ~/.agent-deck/config.toml. These servers are executed as shell commands (e.g., npx, docker, python), providing a vector for arbitrary command execution if the configuration is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): Documentation and configuration examples (e.g., in config-reference.md) encourage the use of npx -y to download and execute packages from the npm registry at runtime. These include servers like exa-mcp-server and @modelcontextprotocol/server-github, which are not verified by the skill.
  • PROMPT_INJECTION (LOW): The scripts/launch-subagent.sh script creates an attack surface for indirect prompt injection by accepting a PROMPT argument and passing it directly to a sub-agent session.
    ◦ Ingestion points: the PROMPT argument in scripts/launch-subagent.sh and the agent-deck session send command.
    ◦ Boundary markers: absent; the prompt is interpolated directly into the session.
    ◦ Capability inventory: sub-agents typically have broad tool-use capabilities, including filesystem access and network requests via MCP servers.
    ◦ Sanitization: none detected for the prompt content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:32 PM