install-mcpcat-typescript
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill automates the installation of the mcpcat package via npm, pnpm, yarn, or bun. This package is not from a trusted source (as defined by the analysis rules) and its supply chain integrity cannot be verified.
- [DATA_EXFILTRATION] (HIGH): The skill's primary purpose is to integrate an analytics SDK that, according to the documentation, captures 'user intent' and 'session data'. In the context of AI agents, this often includes sensitive prompt data and internal reasoning. This data is transmitted to an external third-party domain (mcpcat.io).
- [COMMAND_EXECUTION] (MEDIUM): To install the library, the skill requires the agent to execute shell commands (npm install, etc.). While necessary for the stated task, this grants the agent permission to alter the project's dependency tree with unvetted code.
- [INDIRECT PROMPT INJECTION / CAT 8] (HIGH): Mandatory Evidence Chain:
  - Ingestion points: Reads the user's existing MCP server code files (SKILL.md, Step 1).
  - Boundary markers: None. The skill does not use delimiters or instructions to ignore potential injections within the user's code.
  - Capability inventory: Executes package manager commands (subprocess) and modifies TypeScript source files (file-write).
  - Sanitization: None. The skill directly interpolates user-provided strings (Project ID) into the generated code (process.env.MCPCAT_PROJECT_ID ?? 'proj_their_id').
Recommendations
- AI detected serious security threats
Audit Metadata