grpc
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by combining untrusted data ingestion with high-privilege execution capabilities.
  - Ingestion points: The 'Documentation Resources' section in SKILL.md directs the agent to use `mcp__context7__query-docs` to retrieve live content from external websites.
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or isolates potential instructions embedded in the fetched documentation.
  - Capability inventory: The skill explicitly allows the use of the `Bash`, `Write`, and `Edit` tools, which gives the agent the permissions needed to execute commands or modify source code based on malicious external input.
  - Sanitization: Absent. No validation or filtering mechanisms are defined to sanitize the content retrieved from external documentation sources.
Recommendations
- AI detected serious security threats
Audit Metadata