mcp-vstash
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection by providing tools to ingest untrusted data from documents and URLs via the `vstash_add` command. This content is later retrieved and presented to the AI's context during query operations.
  - Ingestion points: The `vstash_add` tool (SKILL.md) accepts file paths, directories, and remote URLs as input for indexing.
  - Boundary markers: The skill instructions do not specify any delimiters or instructions for the agent to treat retrieved content as data rather than instructions, potentially allowing embedded malicious text to override agent behavior.
  - Capability inventory: The skill has the capability to read the local file system, fetch content from URLs, and export indexed data using `vstash_export`.
  - Sanitization: No explicit sanitization, validation, or filtering of the ingested content is mentioned in the skill documentation.