mcp-code-execution
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to execute Python modules and scripts for data processing. Examples include 'python -m module_name' in SKILL.md and 'python tools/extracted_tool.py' in mcp-patterns.md. The 'extracted_tool.py' file is not included in the skill distribution, which represents a risk as the agent is instructed to execute a file whose contents are unknown and unverifiable.
- [PROMPT_INJECTION]: The skill is designed to process complex data pipelines through multiple subagents, creating an indirect prompt injection surface.
  - Ingestion points: Data enters the system via the 'input_data' parameter in coordination functions and 'workflow' objects during classification.
  - Boundary markers: There are no explicit boundary markers or instructions to disregard embedded commands within the processed data.
  - Capability inventory: The skill has the capability to execute system commands and delegate tasks to subagents with their own system contexts.
  - Sanitization: No validation or sanitization of input data is performed before it is passed to execution tools or subagents.
Audit Metadata