discover-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to discover and report on workspace resources, creating a path for untrusted data to enter the agent's context.
  - Ingestion points: Metadata such as names and descriptions of UC Functions, Tables, Genie Spaces, and MCP servers enters the context via the discover-tools command output.
  - Boundary markers: None are specified in the documentation to distinguish between discovery data and instructions.
  - Capability inventory: Discovery and reporting of workspace resources; no high-risk write or execution capabilities are present in this specific documentation.
  - Sanitization: There is no mention of sanitizing or validating resource metadata before presentation to the agent.
Audit Metadata