quiet-shell
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the
@codemcp/quiet-shellpackage from the npm registry during execution. - [REMOTE_CODE_EXECUTION]: The package is executed using
npx -y, which bypasses user confirmation and runs code from a package scope (@codemcp) that is not affiliated with the skill author (mrsimpson) or recognized as a trusted organization. - [COMMAND_EXECUTION]: Because the tool is designed to wrap shell commands, the unverified remote code has direct interaction with the host system's shell environment.
- [PROMPT_INJECTION]: The skill's primary function of processing and suppressing shell output creates a vulnerability to indirect prompt injection.
- Ingestion points: Standard output and error streams from shell commands executed via the skill in SKILL.md.
- Boundary markers: No specific delimiters or instructions exist to notify the agent to ignore instructions that might be embedded in the filtered command output.
- Capability inventory: The skill is explicitly granted the capability to execute shell commands using the
quiet-shelltool. - Sanitization: There is no evidence of output validation or sanitization to prevent the agent from interpreting command output as instructions.
Audit Metadata