cookiy
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands like 'npx cookiy-mcp' or 'brew install cookiy-ai/tap/cookiy' to install the underlying MCP server. These commands are legitimate setup requirements for the vendor's service.
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'cookiy-mcp' package from the npm registry and uses Homebrew taps. These resources are owned by the verified author 'cookiy-ai'.
- [PROMPT_INJECTION]: The skill processes untrusted external data, such as research goals and participant interview transcripts, which creates a surface for indirect prompt injection. 1. Ingestion points: 'cookiy_study_create' (query) and 'cookiy_interview_playback_get' (transcript). 2. Boundary markers: None. No instructions are provided to use delimiters or ignore instructions within these data fields. 3. Capability inventory: Terminal command execution, file/media upload via 'cookiy_media_upload', and report generation. 4. Sanitization: Not specified.
Audit Metadata