desktop-commander
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes tools like mcp__desktop-commander__start_process to run shell commands and manage terminal sessions. It includes a specific warning that terminal commands can access files outside of restricted directories.
- [DATA_EXFILTRATION]: It features tools to read local files and external URLs, which provides a capability to access potentially sensitive data.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes data from untrusted local files and remote URLs.
- Ingestion points: Data is ingested via read_file, read_multiple_files, and start_search as documented in SKILL.md.
- Boundary markers: No delimiters or isolation instructions are provided to separate untrusted data from the agent's instructions.
- Capability inventory: The skill possesses powerful capabilities including file modification and terminal execution as listed in references/desktop-commander.md.
- Sanitization: No sanitization or validation mechanisms are defined for the processed content.
Audit Metadata