tools-mdbase
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and examples rely on `npx mdbase`, which triggers the download of the `mdbase` package from the public NPM registry during execution.
- [REMOTE_CODE_EXECUTION]: By using `npx` to execute a package that is not pinned to a specific version and originates from a third-party developer (callumalpass) outside the trusted vendor list, the skill introduces a risk of remote code execution if the package is compromised.
- [COMMAND_EXECUTION]: The skill involves the execution of various shell commands, including `npx`, `ls`, and `xargs`, to perform operations like querying, updating, and validating the local file system.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it reads and processes user-controlled markdown and YAML files.
  - Ingestion points: The `npx mdbase query`, `npx mdbase read`, and `npx mdbase validate` commands ingest data from local `.md` and `.yaml` files.
  - Boundary markers: The files use standard YAML frontmatter delimiters (`---`), but there are no specific instructions to the agent to disregard instructions found within the data fields or markdown body.
  - Capability inventory: The skill can execute shell commands, create/modify/rename files, and export data to external formats (CSV/JSON).
  - Sanitization: There is no evidence of input sanitization or validation to prevent the agent from acting on instructions embedded in the processed files.
Audit Metadata