mcp-chaining

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill is designed to run research and implementation pipelines using the Bash tool. While intrinsic to its functionality, this capability allows for general command execution on the host system.
  • [CREDENTIALS_UNSAFE] (LOW): The documentation explicitly describes a pattern for passing the host's full os.environ to subprocesses to ensure API keys (e.g., from ~/.claude/.env) are available to MCP tools. This broad exposure of sensitive environment variables to third-party tools is a potential security risk if a tool is compromised.
  • [PROMPT_INJECTION] (LOW): As an indirect injection surface (Category 8), the skill ingests untrusted data from external sources via tools like nia__search (documentation) and ast-grep__find_code (source code). This data is used to inform downstream implementation steps, creating a path for malicious instructions embedded in documentation or codebases to influence agent behavior.
  • Ingestion points: nia__search, ast-grep__find_code, morph__warpgrep_codebase_search.
  • Boundary markers: None specified in the provided snippets.
  • Capability inventory: Bash execution, file reading (Read).
  • Sanitization: None mentioned for the interpolated tool outputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:00 PM