Skills
skills/hatayama/uloopmcp/uloop-get-menu-items/Gen Agent Trust Hub

uloop-get-menu-items

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the uloop CLI tool on the local system. It accepts various flags, such as --project-path, to specify project locations and filter menu items.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data through user-defined parameters.
  • Ingestion points: Arguments provided to the uloop get-menu-items command, specifically --filter-text and --project-path.
  • Boundary markers: The documentation does not specify delimiters or instructions to separate user input from the command structure.
  • Capability inventory: Local command execution via the uloop binary.
  • Sanitization: No sanitization or validation logic is defined within the skill's metadata.
  • [NO_CODE]: The skill consists entirely of markdown documentation and does not contain any executable scripts or binary files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 10:08 AM