logistics-tracking
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- External Downloads & Remote Code Execution (HIGH): The skill configures an MCP server using npx -y @shopme/logistics-tracking-mcp. This command downloads and executes a package from the npm registry at runtime. The organization '@shopme' is not a trusted source, presenting a risk of arbitrary code execution.
- Indirect Prompt Injection (MEDIUM): The skill ingests external content from logistics providers via the 17track API or RTB56.
  - Ingestion points: Data enters via the track_package and batch_track tools, which return tracking status and timelines.
  - Boundary markers: None identified in the prompt templates.
  - Capability inventory: The skill uses a Node.js environment capable of network requests and command execution (via npx).
  - Sanitization: There is no evidence of sanitization for the tracking strings before they are presented to the agent.
- Credentials Unsafe (LOW): The skill requires a TRACK17_API_KEY to be stored in environment variables. While this is a common pattern for API integration, the combination with an untrusted external package increases the risk of credential exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata