using-anki-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install an Anki addon from the official AnkiWeb repository using the ID 124672614. This addon is required to host the MCP server locally.
  • [COMMAND_EXECUTION]: The toolset enables the agent to perform extensive operations on the local Anki application, including modifying notes, altering CSS styling via update_model_styling, and controlling the GUI through the gui_* suite of tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion mechanisms.
      • Ingestion points: Untrusted data enters the agent context from the local Anki database via tools like find_notes, notes_info, and present_card as documented in INSTRUCTIONS.md and TOOLS-REFERENCE.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the flashcard content are provided to the agent.
      • Capability inventory: The agent possesses significant capabilities including writing media files to the filesystem (store_media_file), updating application records (update_note_fields), and interacting with the GUI (gui_browse, gui_edit_note).
      • Sanitization: There is no evidence of sanitization or validation of the retrieved flashcard content before it is processed by the agent's reasoning engine.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 02:12 PM