research

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to read ~/.claude/claude_desktop_config.json. This configuration file for the Model Context Protocol (MCP) is a known location for storing sensitive authentication tokens and API keys in plaintext for various integrated services.
  • [PROMPT_INJECTION]: The research workflow is highly susceptible to indirect prompt injection because its core function is ingesting and processing untrusted data from the public web.
    • Ingestion points: Untrusted data enters the agent context from diverse sources, including LinkedIn, Glassdoor, Indeed, G2, Reddit, and GitHub repositories.
    • Boundary markers: The skill lacks instructions for using delimiters or boundary markers to isolate external data from the agent's core instructions.
    • Capability inventory: The skill uses tools for web fetching and API communication (httpx) and produces structured analysis that influences technical and business decisions.
    • Sanitization: There are no provided instructions to sanitize, escape, or validate external content before the agent processes it.
  • [EXTERNAL_DOWNLOADS]: The 'MCP Discovery Workflow' encourages searching for and potentially utilizing 'community servers' found on GitHub. This introduces a supply chain risk, as it promotes the execution of unverified third-party code that could be malicious.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 24, 2026, 04:46 AM