skills/mthds-ai/skills/check/Gen Agent Trust Hub

check

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the mthds-agent CLI tool to validate local .mthds files. This is a vendor-authorized tool used for its intended purpose. Evidence: The execution of mthds-agent pipelex validate in Step 2 of the process description.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses and interprets content from external .mthds files.
      1. Ingestion points: Untrusted data enters the context when the agent reads the .mthds file in Step 1.
      2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are specified.
      3. Capability inventory: The skill can execute CLI commands and report findings to the user.
      4. Sanitization: No input validation or sanitization of the file content is performed prior to processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 11:48 PM