swagger-to-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill's setup instructions in SKILL.md and README.md explicitly direct users to execute curl -fsSL https://get.mcp.com.ai/hapi.sh | bash (Linux/macOS) and irm https://get.mcp.com.ai/hapi.ps1 | iex (Windows). These patterns allow arbitrary code execution from a third-party domain that is not within the Trusted External Sources scope.
  • [Indirect Prompt Injection] (HIGH):
    • Ingestion points: The skill ingests untrusted data from remote URLs via the --openapi flag in SKILL.md and references/hapi-cli-commands.md.
    • Boundary markers: No boundary markers or sanitization instructions are provided to the agent for handling these specifications.
    • Capability inventory: The skill has powerful capabilities including hapi deploy (Cloudflare), docker run, and wrangler (Cloudflare).
    • Sanitization: None. A malicious OpenAPI specification could contain instructions to influence the agent's behavior or exploit the deployment environment.
  • [Command Execution] (HIGH): The skill requests broad permissions for Bash(curl:*), Bash(hapi:*), Bash(docker:*), and Bash(wrangler:*), allowing for significant system-level operations.
  • [Credentials Unsafe] (MEDIUM): The skill facilitates the handling of secrets through the --var API_KEY=... flag in hapi deploy and uses hapi login for OAuth, creating a risk of credential exposure in process trees or logs.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.mcp.com.ai/hapi.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 04:26 AM