mcp-code-execution
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration requests the 'Bash' tool to support the execution of agent-generated scripts within the proposed architecture.
- [REMOTE_CODE_EXECUTION]: The core pattern involves runtime generation and execution of code; the skill includes a security checklist requiring sandboxed environments, execution timeouts, and resource limits to mitigate risks.
- [PROMPT_INJECTION]: The described architecture is vulnerable to indirect prompt injection.
  1. Ingestion points: MCP tool responses such as document content or channel history enter the context.
  2. Boundary markers: None specified in the provided logic snippets.
  3. Capability inventory: The configuration allows high-privilege tools including Bash, Write, and Edit.
  4. Sanitization: While PII tokenization is mentioned for data flowing to the model, no explicit sanitization of tool outputs is described before they influence the agent's code generation logic.
Audit Metadata