create-mcp-skill

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends installing the mcp CLI from an untrusted GitHub account (github.com/f/mcptools). Installing binaries from unverified third parties is a security risk.
  • REMOTE_CODE_EXECUTION (MEDIUM): The documentation promotes using npx and bunx to run packages from remote registries at runtime. This practice lacks version pinning and integrity verification, exposing the environment to supply chain vulnerabilities.
  • COMMAND_EXECUTION (LOW): The use of pkill -9 -f for process management is aggressive. If an attacker controls the process name pattern, they could potentially terminate unrelated system processes.
  • PROMPT_INJECTION (LOW): The 'Template Generator' functionality allows for indirect prompt injection by interpolating untrusted variables into a shell command that writes to the filesystem.
  • Ingestion points: $SKILL_NAME and $SERVER_COMMAND variables.
  • Boundary markers: Absent.
  • Capability inventory: Write (cat), Bash (Command Execution).
  • Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 23, 2026, 04:33 AM