mtr
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for the mtr utility using standard system package managers such as apt and dnf.
- [COMMAND_EXECUTION]: The skill provides numerous command examples that utilize sudo to run mtr with elevated privileges. This is required for the tool to access raw sockets for specialized network probing (TCP, UDP, and raw ICMP), which constitutes high-privilege command execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes and displays untrusted network data, such as hostnames from reverse DNS (PTR) lookups and AS numbers from external services. Ingestion points: Target hostnames provided by users and network-returned data from intermediate hops (SKILL.md, cheatsheet.md). Boundary markers: Absent. Output is displayed without delimiters. Capability inventory: Execution of mtr via subprocess, including privileged modes (SKILL.md). Sanitization: Absent.
Audit Metadata