mcdonalds-coupons

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: External content is retrieved from mcp.mcd.cn in mcd-mcp.py (lines 80-125).
      2. Boundary markers: Absent; the script does not use delimiters to separate API data from instructions.
      3. Capability inventory: High; the skill is designed for Claude Code, which possesses terminal and file-writing permissions.
      4. Sanitization: Absent; the tool returns raw text strings from the API directly to the agent.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The token-manager.py script handles MCP authentication tokens stored in ~/.mcd-tokens.json. While it sets file permissions to 0600 (line 39), the storage of plaintext third-party tokens on the local filesystem represents a sensitive data exposure risk.
  • [COMMAND_EXECUTION] (LOW): The skill requires the agent to execute local Python and Bash scripts (mcd-mcp.py, mcd-mcp.sh). While these scripts are currently benign, this pattern establishes a trust relationship that could be exploited if the agent is manipulated into running modified versions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:53 AM