board-webmcp
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the `@webmcp-bridge/local-mcp` package from the NPM registry using `npx` within the `ensure-links.sh` script.
- [COMMAND_EXECUTION]: The `ensure-links.sh` script dynamically constructs and executes a command string using `uxc link` to register the `board-webmcp-cli` tool. It utilizes a `shell_join` helper to handle argument escaping.
- [DATA_EXFILTRATION]: The skill manages browser session data and persistence by creating and accessing a dedicated directory at `~/.uxc/webmcp-profile/board`. This is used to maintain the state of the board bridge sessions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from a shared public board.
  - Ingestion points: Data enters the agent context through `board-webmcp-cli nodes.list` and `board-webmcp-cli edges.list` as documented in `SKILL.md`.
  - Boundary markers: No explicit delimiters or boundary instructions are used when processing the board state.
  - Capability inventory: The skill provides the ability to modify the board state and execute layout algorithms through `board-webmcp-cli` subcommands (upsert, apply).
  - Sanitization: No explicit sanitization or validation of the board data is performed before it is interpreted by the agent.
Audit Metadata