morph-apply
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes `uv run python -m runtime.harness` to execute a local script `scripts/mcp/morph_apply.py` that modifies files on the system. This provides a direct mechanism for arbitrary file writes and potential code injection into the application's codebase.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: The `--instruction` and `--code_edit` parameters serve as primary vectors where untrusted data enters the agent context.
  - Boundary markers: There are no boundary markers or sanitization protocols defined to prevent the agent from obeying instructions embedded within the code snippets it is asked to apply.
  - Capability inventory: The skill possesses significant file-write capabilities across the filesystem.
  - Sanitization: No evidence of input validation or escaping for the instructions or code edits.
- [DATA_EXFILTRATION] (MEDIUM): Although not directly exfiltrating data, the ability to modify source code allows an attacker to inject 'phone-home' logic into existing scripts, which can then be used to exfiltrate environment variables or sensitive files.
Recommendations
- AI detected serious security threats
Audit Metadata