gluestack-mcp-tools

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill documentation explicitly instructs users to set sensitive secrets directly in shell commands via environment variables (export GITHUB_TOKEN="your-token-here"). This practice leads to secrets being stored in plaintext command history files (.bash_history, etc.) and environment logs, which is a major security risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill requests the Bash tool in its allowed-tools list. While this is used for environment configuration, it represents a high-impact capability that significantly increases the attack surface if the agent is influenced by malicious data.
  • [DATA_EXFILTRATION] (LOW): The combination of Read permissions and network-based operations (GitHub API access) creates a potential path for data exfiltration, particularly since the skill processes external component code that could contain malicious instructions.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: Component source code and metadata are retrieved via get_component and get_component_metadata from external sources (GitHub or local paths).
    • Boundary markers: Absent. The skill does not define delimiters or safety instructions for processing retrieved code.
    • Capability inventory: The skill has access to the Bash, Write, Edit, and Read tools.
    • Sanitization: Absent. There is no evidence of validation or filtering of the retrieved component content before it enters the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:13 PM