dumbwaiter-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it is designed to ingest and process PR comments from GitHub, which may contain adversarial instructions.
      • Ingestion points: Pull Request comment bodies, review content, and reactions are ingested when the comment_received condition is active in SKILL.md.
      • Boundary markers: The skill does not define delimiters or specific 'ignore previous instruction' headers for the external data it processes.
      • Capability inventory: The skill's tools (wait.start, wait.status, wait.cancel, wait.await) are limited to monitoring and reporting state changes via the MCP server.
      • Sanitization: No explicit sanitization, filtering, or validation of the fetched comment content is mentioned in the skill definition.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 09:09 PM