jwt
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant vulnerability surface by directing the agent to ingest untrusted external data and act upon it using powerful system tools.
- Ingestion points: External documentation is retrieved at runtime using the `mcp__context7__query-docs` tool based on instructions in the 'Documentation Resources' section.
- Capability inventory: The agent is authorized to use `Bash`, `Edit`, and `Write` tools, providing the ability to execute arbitrary shell commands and modify the codebase.
- Boundary markers: The skill fails to provide any delimiters or instructions for the agent to ignore or isolate potential instructions embedded within the external documentation.
- Sanitization: There are no mechanisms described for validating or sanitizing the content of the external documentation before the agent interprets and applies it to the system configuration.
Recommendations
- AI detected serious security threats