minecraft-fabric-dev
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides workflows for decompiling Minecraft versions and remapping JAR files using MCP servers. These tasks involve executing external processes and accessing the local file system to process mod files and Minecraft source code.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted external data.
- Ingestion points: The
analyze_mod_jartool reads external JAR files, andget_fabric_docfetches documentation from external repositories. - Boundary markers: The instructions do not define boundary markers or delimiters for data ingested from mod files or documentation.
- Capability inventory: The skill has the capability to read file contents (
get_minecraft_source), perform code analysis (analyze_mixin), and modify files (remap_mod_jar). - Sanitization: There is no mention of sanitization or filtering for content retrieved from external sources before it is processed by the agent.
Audit Metadata