frida-mcp-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill workflow (Phase 3: Execution) involves instrumenting processes and loading scripts using Frida, granting high-level control over target applications.
  • [REMOTE_CODE_EXECUTION] (HIGH): The use of load_script to inject agent-generated JavaScript code into active processes constitutes a mechanism for arbitrary code execution on the target system.
  • [PROMPT_INJECTION] (HIGH): The skill presents a high-capability indirect prompt injection surface (Category 8). Evidence Chain:
    1. Ingestion points: Phase 1 (Idea) accepts untrusted user-defined objectives and target identifiers via prompt instructions.
    2. Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are enforced for the user-provided objective.
    3. Capability inventory: Includes file writing (Phase 4), script generation (Phase 2), and process instrumentation/execution (Phase 3: load_script).
    4. Sanitization: No logic exists to verify or sanitize user objectives or the resulting generated scripts for malicious intent.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill utilizes JavaScript templates (templates/script-template.js) to construct and execute logic at runtime, which is inherently risky if the generated scripts are not strictly validated against a security policy.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:37 AM