lecture-designer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The mcp/google-docs-mcp-setup.md file contains instructions to clone a repository from an untrusted source (https://github.com/nealcaren/google-docs-mcp.git). This source is not included in the predefined list of trusted GitHub organizations or repositories.
- [REMOTE_CODE_EXECUTION] (HIGH): The setup guide directs the user to run npm install, npm run build, and npm start on the cloned repository. This sequence allows the execution of arbitrary code defined in the remote repository's build and start scripts.
- [COMMAND_EXECUTION] (HIGH): The installation process involves executing multiple shell commands (git clone, npm, cp) which interact with the local filesystem and network, potentially allowing for system-level compromise if the source repository contains malicious scripts.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (textbooks, readings) to generate slides.
  * Ingestion points: phases/phase0-context.md and phases/phase1-narrative.md instruct the agent to read chapter material.
  * Boundary markers: Absent. No delimiters or instructions to ignore embedded prompts are provided.
  * Capability inventory: The skill uses the Google Docs MCP to create and edit presentations (createPresentation, addSlide, insertTextToSlide).
  * Sanitization: Absent. The skill does not validate or sanitize input content before processing it into slide content.
Recommendations
- AI detected serious security threats
Audit Metadata