sequential-thinking
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration and documentation specify the use of the `@modelcontextprotocol/server-sequential-thinking` package via `npx`. This is an official, well-known package within the Model Context Protocol ecosystem used to facilitate structured reasoning.
- [COMMAND_EXECUTION]: The main execution script `scripts/main.cjs` includes logic to spawn a local Python script (`executor.py`) located within the project's `.claude` directory. The implementation uses `shell: false` and `windowsHide: true`, which are security best practices for preventing shell injection and unauthorized command execution.
- [PROMPT_INJECTION]: The `SKILL.md` file contains 'Iron Laws' and a 'Memory Protocol' that use imperative language (e.g., 'NEVER', 'ALWAYS') to enforce the sequential thinking process. These are evaluated as benign instructional guidelines intended to ensure the agent follows the logical framework, rather than attempts to bypass security filters or override system safety protocols.
Audit Metadata