t2000-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global Node.js package '@t2000/cli' from npm. This package is from a source not included in the trusted vendors list, and its security cannot be verified through static analysis of the skill.
- [COMMAND_EXECUTION]: The skill configures the AI platform to execute the 't2000' command. This allows the agent to interact with the local system and perform high-risk financial operations such as 't2000_send' and 't2000_exchange'.
- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection. It ingests untrusted data from transaction histories and contact lists, combined with powerful tools to move funds. There are no boundary markers or sanitization logic specified to prevent embedded instructions in the ingested data from influencing agent behavior.
Audit Metadata