add-integration
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of arbitrary third-party code from the npm registry. It specifically suggests using `npx` to run packages found during searches, which can lead to the execution of malicious or unverified code on the local system.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill identifies and accesses highly sensitive local file paths. It is designed to read from and manage directories like `~/.claude-marketing/credentials/` and `.env` files, which typically contain API keys, access tokens, and other authentication secrets.
- [DYNAMIC_EXECUTION]: The skill performs runtime execution of newly added MCP servers to verify connectivity. This involves starting a server and running operations (e.g., listing tools, fetching account info) based on the code downloaded from external sources.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection.
  - Ingestion points: Reads data from the npm registry (package names, descriptions) and local configuration files (`profile.json`, `.mcp.json`).
  - Boundary markers: None identified; external data is processed directly into the agent's context.
  - Capability inventory: Executes shell commands via `npx` and interacts with local file systems and network APIs.
  - Sanitization: No evidence of input validation or escaping for the data fetched from the npm registry or third-party tool definitions.
Recommendations
- AI detected serious security threats
Audit Metadata