dialog
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to run a bash command to install a remote MCP server.
  - Evidence: `claude mcp add dialog --transport http https://api.rundialog.com/mcp` in SKILL.md.
  - Risk: Dynamically adding tools from a remote, untrusted URL allows an external server to control agent capabilities and intercept data.
- [COMMAND_EXECUTION] (HIGH): Instructions explicitly direct the AI to use shell access to modify the agent's core configuration.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires downloading and configuring services from api.rundialog.com, which is not a pre-verified trusted source.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and analyze natural language data from external participants, which could contain malicious instructions targeting the analysis phase.
  - Ingestion points: `dialog_analyze` (interview data), `dialog_generate` (user descriptions).
  - Boundary markers: Absent. No specific delimiters or safety instructions for processing interview transcripts.
  - Capability inventory: Shell execution (via `claude mcp add`), network interaction via the Dialog API.
  - Sanitization: Absent. The skill does not describe any validation of incoming customer feedback data.
Recommendations
- AI detected serious security threats
Audit Metadata