knowledge
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the '@codemcp/knowledge' package from the npm registry during execution using the npx command. This source is not included in the trusted vendors list.
- [REMOTE_CODE_EXECUTION]: The downloaded package is executed immediately using 'npx'. Since the package version is not pinned and the source is not a trusted vendor, this represents a risk of running unverified code.
- [PROMPT_INJECTION]: The skill's primary function is to ingest and query external documentation, creating an attack surface for indirect prompt injection if the source material contains malicious instructions.
  - Ingestion points: External documentation and knowledge bases accessed via the MCP server.
  - Boundary markers: Absent; the skill does not define specific delimiters or instructions for the agent to ignore commands within the retrieved data.
  - Capability inventory: Queries and retrieves information from documentation stores to be processed by the agent.
  - Sanitization: Not specified; the skill lacks explicit validation or filtering for the content it retrieves.