flipswitch-create

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to install an MCP server from https://mcp.flipswitch.io/mcp. Although this is the primary purpose of the skill, the domain is not in the predefined trusted source list. Finding severity is downgraded because it is a manual user action associated with the skill's intended use.
  • [COMMAND_EXECUTION] (LOW): The skill provides a terminal command (claude mcp add) for the user to execute. This involves a human-in-the-loop, which mitigates the risk of automated malicious execution.
  • [PROMPT_INJECTION] (LOW): The skill uses the Read Glob tool to inspect the project structure (e.g., package.json, go.mod) for language detection, creating a surface for indirect prompt injection.
  • Ingestion points: Local file system structure and file existence checks via Read Glob.
  • Boundary markers: None present in the instructions to prevent the model from following instructions found within detected files.
  • Capability inventory: Access to network-enabled MCP tools (authenticate, create_flag) and file system discovery tools.
  • Sanitization: No sanitization or validation of the file discovery results is mentioned before the data is used to drive logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM