claude-mobile-metro-manager

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses mcp__serena__execute_shell_command to run local shell scripts (./scripts/start-metro.sh, ./scripts/stop-metro.sh) and system utilities (pkill). While central to the skill's purpose, executing shell commands based on predefined scripts carries inherent risk if those scripts are modified.
  • [DATA_EXFILTRATION]: The skill reveals sensitive information about the host environment by hardcoding an absolute file path: /Users/nick/Desktop/claude-mobile-expo. This exposes the username and local directory structure to the agent context.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It reads untrusted data from logs/metro.log via mcp__morphllm__read_file to verify server status. Because log files can contain arbitrary output from applications or third-party dependencies, an attacker could inject instructions into the logs that the agent might interpret as commands. Evidence:
      • Ingestion points: logs/metro.log (referenced in SKILL.md)
      • Boundary markers: None defined; the agent is instructed to read the first 100 lines and check for specific strings.
      • Capability inventory: mcp__serena__execute_shell_command (referenced in SKILL.md)
      • Sanitization: None present; the agent processes raw file content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 01:19 AM