airtable
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the `mcp-skill` and `fastmcp` Python packages to handle MCP communication and authentication.
- [DATA_EXFILTRATION]: The skill establishes network connections to the official Airtable service at `https://mcp.airtable.com/mcp` for its primary operations.
- [DATA_EXFILTRATION]: The application accesses the local file system path `~/.mcp-skill/auth/` to store OAuth tokens, which is necessary for maintaining authenticated sessions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external Airtable records which could contain malicious instructions intended to manipulate the agent.
  - Ingestion points: Untrusted data enters the agent context through the `list_bases`, `list_tables_for_base`, `get_table_schema`, and `list_records_for_table` methods in `app.py`.
  - Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded content when presenting retrieved data to the model.
  - Capability inventory: The skill possesses both read and write capabilities (`create_records_for_table`, `update_records_for_table`), creating a risk if an injected instruction triggers an automated write operation.
  - Sanitization: No sanitization or validation is performed on the data retrieved from the Airtable API before it is processed by the agent.
Audit Metadata