Skills
skills/flipswitch-io/skills/flipswitch-toggle/Gen Agent Trust Hub

flipswitch-toggle

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to add an MCP server from 'https://mcp.flipswitch.io/mcp'. As this domain is not on the trusted source list, it constitutes a dependency on an unverified third party.
  • COMMAND_EXECUTION (MEDIUM): The skill provides a specific shell command for the user to run ('claude mcp add...') which installs the remote tool transport into the agent's environment.
  • INDIRECT PROMPT INJECTION (LOW): The skill is susceptible to indirect prompt injection. 1. Ingestion points: Data from 'mcp__flipswitch__list_organizations', 'mcp__flipswitch__list_projects', and 'mcp__flipswitch__list_flags'. 2. Boundary markers: Absent. 3. Capability inventory: 'mcp__flipswitch__toggle_flag' tool for state modification. 4. Sanitization: None detected for remote data strings.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:34 PM