Skills
NYC
skills/smithery-ai/skills/unicorn-or-bust/Gen Agent Trust Hub

unicorn-or-bust

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an external MCP server at 'https://server.smithery.ai/@smithery/unicorn/mcp'. As Smithery is not included in the defined list of trusted organizations or repositories, this dependency is considered unverifiable.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from the user in the form of 'Founder Name' and 'Pitch'.
  • Ingestion points: SKILL.md instructions for the 'start_game' function (Step 1).
  • Boundary markers: Absent. The user input is directly interpolated into the game setup.
  • Capability inventory: The skill calls 'start_game' and 'play_turn' via the MCP server; capabilities are limited to game state management and narration.
  • Sanitization: None specified. Malicious instructions in the 'Pitch' could attempt to influence the agent's narration style or the logic of the external MCP server.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:33 PM