install-mcpcat-python
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill reads external project files (.py, .toml, .md) and uses their content to drive code modifications and package installations. Malicious content in these files could influence the agent to perform unauthorized actions.
  - Ingestion points: Steps 1, 3, and 4 involve reading project source files and dependency manifests.
  - Boundary markers: None present to protect the agent from instructions embedded in user-controlled files.
  - Capability inventory: Capability to modify source files (.py), install new packages (uv, poetry, pipenv), and execute local commands.
  - Sanitization: No validation or sanitization is performed on the data read from project files before it is used in decision-making logic.
- Unverifiable Dependencies (MEDIUM): The skill installs the 'mcpcat' package from an untrusted source. This package is not listed among trusted organizations or repositories.
- Command Execution (LOW): The skill executes local commands to check package versions (pip show) and verify installation success (python -c).
Recommendations
- AI detected serious security threats
Audit Metadata