stackone-connectors
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs users to run 'npx @modelcontextprotocol/inspector', which downloads and executes unverified code from the npm registry without version pinning or integrity checks. This source is not within the trusted scope, creating a risk of supply chain attacks.
- [COMMAND_EXECUTION] (HIGH): The skill provides 'curl' command templates for interacting with the StackOne API. If an agent automatically follows these steps, it may execute shell commands containing parameters derived from external documentation, potentially leading to unauthorized operations or data leakage.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it mandates fetching live content from 'docs.stackone.com' to identify available providers and actions. An attacker who compromises this documentation could inject malicious instructions that the agent then incorporates into its logic or shell commands.
- Ingestion points: SKILL.md Step 2 and Step 3 fetch documentation from 'docs.stackone.com'.
- Boundary markers: None present to distinguish documentation content from agent instructions.
- Capability inventory: Includes network access and 'curl' subprocess execution.
- Sanitization: No input validation or filtering of fetched content is performed before use.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on fetching data from 'docs.stackone.com' and 'api.stackone.com', which are non-whitelisted external domains. While documented, this increases the attack surface if these endpoints are intercepted or compromised.
Recommendations
- AI detected serious security threats
Audit Metadata