nia-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local script, scripts/mcp/nia_docs.py, using uv run. This is a standard method for tool invocation and doesn't show signs of an arbitrary command injection vulnerability in its documentation.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data is ingested from public package registries (npm, PyPI, Crates, Go) via documentation and code snippet search.
  - Boundary markers: No delimiters or explicit instructions to ignore embedded commands in the retrieved data are present in the skill definition.
  - Capability inventory: The skill permits use of the Bash and Read tools, which could be exploited if an attacker poisons documentation with malicious instructions that the agent then follows.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is presented to the agent.
Audit Metadata