mcp-cli-scripts

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The provided TypeScript template creates an attack surface for indirect prompt injection because it facilitates reading external data.
      • Ingestion points: templates/script-template.ts (line 51, parsed.input = args[++i]).
      • Boundary markers: Absent; the template provides a skeleton without predefined security delimiters.
      • Capability inventory: fs.writeFileSync (line 144) and console.log (line 150) in templates/script-template.ts.
      • Sanitization: Absent; users are expected to implement their own validation and sanitization for data read from files.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing tsx (v4.21.0), which is a reputable and standard development tool for executing TypeScript files directly.
  • [COMMAND_EXECUTION] (SAFE): The provided templates include standard Node.js file system operations (fs.writeFileSync) necessary for the skill's stated purpose of creating CLI tools that can save results to files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:43 PM