idea-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md describes the execute_terminal_command tool, which allows the agent to execute arbitrary shell commands within the IntelliJ IDEA context with the user's system permissions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ability to read and process untrusted codebase data.
  - Ingestion points: Tools defined in SKILL.md, such as get_file_text_by_path, search_in_files_by_text, and get_file_problems, ingest content from external project files into the agent's context.
  - Boundary markers: Absent in SKILL.md; no delimiters or instructions are specified to prevent the agent from obeying natural language commands found within the ingested files.
  - Capability inventory: SKILL.md describes powerful capabilities including file modification (replace_text_in_file, rename_refactoring), file creation (create_new_file), and arbitrary command execution (execute_terminal_command).
  - Sanitization: Absent in SKILL.md; there is no mention of sanitizing, escaping, or validating the ingested file content before it influences the agent's behavior.