mcp-attribution-worktree

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface, as it ingests and processes AI execution traces and results that may contain untrusted instructions. Evidence chain:
    • Ingestion points: Fetches run results and traces from the local report API as documented in references/report-api-workflow.md.
    • Boundary markers: The instructions do not mandate the use of delimiters or instructions to ignore embedded commands when processing trace content.
    • Capability inventory: The skill has the capability to modify the filesystem using wt and perform GitHub repository operations using gh, as shown in references/worktree-repair.md.
    • Sanitization: No explicit validation or sanitization of the trace content is mentioned before it is used to guide repair decisions.
  • [COMMAND_EXECUTION]: The skill utilizes the wt (Worktrunk) and gh (GitHub CLI) command-line utilities to manage isolated worktrees, create issues, and submit pull requests within the repository maintenance workflow.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with a local report API at http://127.0.0.1:5174 and interacts with the official TencentCloudBase/CloudBase-MCP GitHub repository. These represent documented vendor resources used for the intended purpose of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 06:58 AM