mkn-constructor
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill facilitates the download and installation of agent templates from remote Git repositories via the `import_template_from_git` command in `references/install.md`. This is a standard feature for a template manager but represents a remote code ingestion point.
- COMMAND_EXECUTION (LOW): The skill utilizes Model Context Protocol (MCP) commands to interact with the local filesystem and Docker environment (e.g., `import_template_from_local`, `search_agents`). These operations are restricted to the local environment and are necessary for the skill's deployment functions.
- DATA_EXPOSURE (SAFE): `references/analyze.md` and `references/secrets.md` contain instructions for managing credentials. However, the skill encourages the use of vault-based secrets (the `$TEMP_CONTEXT_VARIABLE_` pattern) rather than hardcoded credentials, following security best practices for the Machina platform.
- DYNAMIC_EXECUTION (LOW): As described in `schemas/mapping.md`, the skill supports Python-based data transformations within workflow tasks. While this involves dynamic evaluation, it is a core component of the Machina DSL used for data mapping and is managed by the underlying execution engine.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a data ingestion surface (Git repositories, local files) and significant capabilities (MCP commands, file writing).
  - Ingestion points: `references/install.md` (Git/Local paths).
  - Boundary markers: Not explicitly defined in the provided schema files.
  - Capability inventory: File writing, secret creation, and agent/workflow execution via MCP.
  - Sanitization: Validation steps are defined in `references/validate.md` to ensure YAML structure compliance, though these primarily focus on syntax rather than malicious instruction filtering.