MCP Lookup
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests and processes untrusted data from external files in /docs/mcp/.
- Ingestion points: Markdown and text files located within the /docs/mcp/ directory.
- Boundary markers: None. The instructions do not specify any delimiters or system-level warnings to distinguish documentation content from agent instructions.
- Capability inventory: The skill performs file system scanning, keyword searching (grep), and data retrieval.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the documentation files before it is presented to the agent's context.
- [Command Execution] (LOW): The skill description mentions using "grep" for keywords derived directly from the user's prompt. This creates a potential surface for command injection if the underlying agent implementation executes shell commands without properly escaping or validating the user-supplied search terms.
Audit Metadata