mcp-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides access to external data that may contain malicious instructions.
  1. Ingestion points: Files and API data read via mcp-cli.
  2. Boundary markers: Absent in the documentation.
  3. Capability inventory: Filesystem access, database interaction, and arbitrary tool execution.
  4. Sanitization: Not specified; tool output is processed directly.
- Command Execution (LOW): Documentation examples show piping tool output to 'sh -c' (e.g., in the TypeScript file reading example). This pattern is a vulnerability surface if the output being piped is not strictly validated, as it could lead to command injection.
Audit Metadata