flipswitch-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to install a third-party MCP server from 'https://mcp.flipswitch.io/mcp' and install various SDKs (e.g., '@flipswitch-io/sdk', 'flipswitch-sdk'). These sources are outside the trusted scope, introducing supply-chain risks.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill exhibits a dangerous indirect injection surface by fetching code snippets from a remote MCP tool ('get_sdk_setup_snippet') and writing them directly to the filesystem (Step 9) without sanitization or review.
  - Ingestion point: Tool output from 'mcp__flipswitch__get_sdk_setup_snippet'.
  - Capability inventory: 'Write' tool for file creation, 'Bash' for package installation.
  - Sanitization: None; the agent writes the remote API response directly to project files.
- [COMMAND_EXECUTION] (MEDIUM): Utilizes 'Bash' and 'Write' tools to modify the local environment and install dependencies based on external instructions.
- [DATA_EXFILTRATION] (LOW): Retrieves and processes SDK API keys from a remote server. While functional for the service, it involves handling sensitive credentials via an untrusted third-party endpoint.
Recommendations
- AI detected serious security threats