notion-archive-container-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The exec_command tool enables the execution of arbitrary shell commands within the managed container environment.
      • Evidence: Defined in SKILL.md under the 'Container Interaction Tools' section, providing parameters for service and command.
      • Context: While the skill provides examples like ls and ps, the tool can be used to execute any command, including those that modify the filesystem or read application source code and configuration files.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted data from container logs.
      • Ingestion points: The get_logs and search_logs tools (defined in SKILL.md) retrieve logs from running services.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are specified when displaying log output to the agent.
      • Capability inventory: The agent possesses powerful capabilities, including exec_command, stop_service, rebuild_service, and compose_down, which could be triggered if the agent follows instructions embedded in log data.
      • Sanitization: There is no evidence of log content sanitization or instruction filtering before the data is presented to the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 03:18 AM