use-mcp (skills/duc01226/easyplatform/use-mcp)

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution logic in SKILL.md runs echo "$ARGUMENTS..." | gemini ..., where $ARGUMENTS is a placeholder that the skill runtime replaces with raw user text before the shell parses the command. The surrounding double quotes do not contain it: command substitution ($(...) and backticks) and variable expansion are still performed inside double quotes, and a literal " in the input terminates the string and lets the rest be parsed as further shell syntax. Crafted arguments therefore execute arbitrary commands on the host system. (The weakness is the textual interpolation; a genuine shell variable whose value merely contained $(...) would be expanded as data, not re-parsed.)
  • [PROMPT_INJECTION]: The skill explicitly instructs the agent to 'Use -y flag to auto-approve tool execution'. This removes the confirmation step that gives a human the chance to refuse a tool call, so any action the model chooses, including destructive ones, proceeds without user consent. Combined with the injection surface above, whoever controls the argument text gets unattended command execution.
  • [COMMAND_EXECUTION]: The skill also creates a surface for indirect prompt injection that ends in command execution:
      • Ingestion points: untrusted data enters the agent context through the $ARGUMENTS placeholder used in the shell command in SKILL.md.
      • Boundary markers: absent. The input is interpolated directly into the command string, with no delimiters around it and no instruction to the model to treat embedded text as data rather than as instructions.
      • Capability inventory: the skill can execute subprocesses and shell commands via the gemini CLI as defined in SKILL.md, and with -y those run without approval.
      • Sanitization: absent. There is no input validation, escaping, quoting, or sanitization before the data reaches the shell.
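The following script is an added illustration, not code from the audited skill or from Gen Agent Trust Hub. It models a skill runtime that textually substitutes $ARGUMENTS into a command template before the shell parses it (that substitution step is an assumption about how the runtime works, drawn from the "interpolated directly into the command string" finding) and contrasts it with delivering the same text to a fixed command as data. `cat` stands in for `gemini` so the demo runs offline, and the two payloads are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the audited skill. It models a runtime that
# replaces the $ARGUMENTS token with raw user text before sh sees the command
# (assumed behaviour) and contrasts it with passing the text as shell data.
# `cat` stands in for `gemini` so this runs offline.

# Command template in the shape the audit quotes. Here $ARGUMENTS is a
# placeholder the runtime replaces with user text, not a shell variable.
TEMPLATE='echo "$ARGUMENTS Summarize the above." | cat'

# Vulnerable: splice the user text into the template string, then hand the
# result to sh. Double quotes do not help: $(...), backticks and $VAR are
# still expanded inside them, and a literal " in the text ends the string.
run_vulnerable() {
    user_text=$1
    prefix=${TEMPLATE%%\$ARGUMENTS*}   # template text before the placeholder
    suffix=${TEMPLATE#*\$ARGUMENTS}    # template text after the placeholder
    sh -c "${prefix}${user_text}${suffix}"
}

# Hardened: keep the command fixed and deliver the user text through the
# environment. The inner shell expands "$ARGUMENTS" as a single string and
# never re-parses its contents as syntax. printf avoids echo's handling of
# arguments such as -n or -e.
run_safe() {
    ARGUMENTS=$1 sh -c 'printf "%s\n" "$ARGUMENTS Summarize the above." | cat'
}

# Constructed payloads: command substitution, and a break-out of the
# double-quoted string. The INJECTED markers reveal whether the shell ran them.
PAYLOAD_SUBST='hello $(echo INJECTED)'
PAYLOAD_QUOTE='"; echo INJECTED-BREAKOUT; echo "'

if [ "${1:-}" = "demo" ]; then
    echo "--- vulnerable, command substitution ---"
    run_vulnerable "$PAYLOAD_SUBST"      # INJECTED appears: $(...) was executed
    echo "--- vulnerable, quote breakout ---"
    run_vulnerable "$PAYLOAD_QUOTE"      # a second command ran
    echo "--- hardened, both payloads ---"
    run_safe "$PAYLOAD_SUBST"            # payload is printed verbatim
    run_safe "$PAYLOAD_QUOTE"            # payload is printed verbatim
fi
```

Run it with `sh demo.sh demo`. The hardened form fixes the shell-injection finding only; it does nothing about the model reading the argument text as instructions, which is the separate prompt-injection finding, and it does not restore the approval step that -y removes.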
Recommendations
  • The audit found serious security threats; the skill should not be installed until they are fixed.
  • Stop interpolating $ARGUMENTS into a shell command string. Pass it as data instead: expose it as an environment variable referenced inside a fixed command, or write it to a temporary file the CLI reads, so that the user text is never parsed as shell syntax.
  • Remove the instruction to run gemini with -y; tool execution should remain behind the user's approval.
  • Wrap the untrusted text in clear delimiters and tell the model it is data to be processed, not instructions to follow.
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 4, 2026, 05:28 AM