ieee-search-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Node.js script using external data from search results as command-line arguments. Evidence: In SKILL.md, the command `node ../ccf-rank/scripts/query_ccf_rank.mjs "<venue or journal>"` interpolates strings directly from IEEE search results. This presents a command injection risk if the strings contain shell metacharacters.
- [COMMAND_EXECUTION]: The skill references and executes a script from a sibling directory (`../ccf-rank/scripts/query_ccf_rank.mjs`), which is outside the skill's package boundaries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted external content.
  1. Ingestion points: Paper titles and venue names from IEEE Xplore search results in SKILL.md.
  2. Boundary markers: The interpolation uses double quotes, which provide insufficient protection against crafted inputs.
  3. Capability inventory: Browser control via MCP and shell command execution via Node.js.
  4. Sanitization: No explicit sanitization or validation of the input strings is performed before execution.
Audit Metadata