meegle-mcp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill transmits sensitive
MEEGLE_USER_KEYandMEEGLE_MCP_KEYas query parameters in the URL withinscripts/mcp-proxy.js. Credentials sent via query strings are often leaked in server logs and proxy records. - [Persistence Mechanisms] (HIGH): The
scripts/setup.shscript modifies user shell profiles (~/.bashrc,~/.zshrc,~/.bash_profile) to store API keys as environment variables. While intended for convenience, this persists sensitive data in plaintext across sessions. - [Indirect Prompt Injection] (HIGH): The skill has a high-severity vulnerability surface.
- Ingestion points: Data enters the agent context via API responses from
project.larksuite.comprocessed inscripts/mcp-proxy.js. - Boundary markers: None identified. External content is not delimited from agent instructions.
- Capability inventory: The skill can create projects, update tasks, move workflow stages, and manage team members (as described in
SKILL.mdandREADME.md). - Sanitization: No sanitization or validation of the external API content is performed before returning it to the agent.
- [Privilege Escalation] (MEDIUM): The
scripts/setup.shscript automatically applieschmod +xto internal scripts. While common for setup, this modification of file permissions is a privilege-related action.
Recommendations
- AI detected serious security threats
Audit Metadata