
mcp-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [Command Execution] (HIGH): The skill documentation includes examples that pipe external tool output directly into shell commands via sh -c. Evidence: Use of xargs -I {} sh -c to process file paths in SKILL.md. This is a classic shell injection vector if the tool output contains malicious shell metacharacters.
  • [Indirect Prompt Injection] (HIGH): The skill lacks security controls for processing data from external MCP servers.
    1. Ingestion: mcp-cli tool outputs are fed back into the agent context.
    2. Boundary markers: Absent in instructions.
    3. Capability: Filesystem, API, and DB interaction via the CLI.
    4. Sanitization: No evidence of escaping or validation.
  • [Data Exposure] (MEDIUM): The tool is designed to expose local files and databases to the model, which can be misused to access sensitive credentials or private information like ~/.ssh or environment variables if the agent is misled by external data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:34 AM