shengwang-integration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads official SDKs, tools, and sample projects from the AgoraIO, AgoraIO-Community, and Shengwang-Community GitHub organizations. These are recognized vendor repositories for the Shengwang/Agora platform.
- [COMMAND_EXECUTION]: The skill instructs the agent to use `git clone` to pull official code libraries into the workspace. It also performs automated configuration by writing to the `.kiro/settings/mcp.json` file to install the Agora Doc MCP server, which is an official tool for documentation access.
- [PROMPT_INJECTION]: The skill processes user-provided use-case descriptions and answers to configure product integrations. This is identified as a surface for indirect prompt injection.
- Ingestion points: Use case descriptions in `intake/README.md` and user configuration choices in `intake/convoai.md`.
- Boundary markers: No explicit delimiters or boundary instructions are used to wrap user input before processing.
- Capability inventory: File system access for config updates, git cloning, and tool execution via the MCP interface.
- Sanitization: User input is processed as natural language without explicit validation or filtering logic.
Audit Metadata