add-mcp-tool

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data from an interactive session and use it to modify project source code.
  • Ingestion points: Interactive user prompts for 'Tool name', 'Description', 'Parameters', and 'Enum values'.
  • Boundary markers: None. The instructions do not define delimiters or warnings for the agent to ignore embedded instructions in the user input.
  • Capability inventory: The skill can locate files (Glob/Grep), modify existing TypeScript files (e.g., src/server.ts), and create new files in the project structure.
  • Sanitization: None. The skill uses templates like {{description}} to directly insert user strings into Zod schema descriptions and source code blocks.
  • Dynamic Execution (HIGH): The skill generates TypeScript code at runtime and performs file-write operations to integrate this code into the active project. This bypasses typical code review processes and can be exploited to inject backdoors or malicious logic if the agent is manipulated by carefully crafted inputs during the interactive session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 08:00 AM