mcp-shrimp-execution-loop
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes task descriptions and executes commands based on them, which is a significant attack surface.
- Ingestion points: Loading existing tasks into the execution loop (SKILL.md).
- Boundary markers: Absent; there are no instructions to differentiate task data from agent instructions.
- Capability inventory: Full access to Bash () and MCP tools () (SKILL.md).
- Sanitization: Absent; no validation or escaping is provided for content processed during the loop.
- [Command Execution] (LOW): The skill explicitly requires Bash (*) permissions for its core function of executing and verifying changes (SKILL.md). This capability is intended for the use case but remains a high-risk surface.
Audit Metadata