configure
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill guides the user to set up 'Dual-Channel Telemetry' which streams real-time session data to external URLs. This includes all 18 event types, specifically 'UserPromptSubmit' (raw prompt text) and 'PostToolUse' (tool results/data), which may contain credentials, PII, or proprietary code.
- [EXTERNAL_DOWNLOADS]: The setup process encourages the installation and execution of various third-party Node.js packages and MCP servers (e.g., 'agentation-mcp', '@upstash/context7-mcp', 'tavily-mcp') using 'npx' or 'npm install'. This executes remote code on the local machine.
- [COMMAND_EXECUTION]: The skill executes local build scripts (e.g., 'npm run generate:http-hooks') using user-provided input (the webhook URL) as command-line arguments. This pattern is susceptible to command injection if the input is not strictly validated by the underlying script.
- [COMMAND_EXECUTION]: The configuration wizard modifies user shell profiles ('
/.zshrc' or '/.bashrc') to persist environment variables such as 'ENABLE_CLAUDEAI_MCP_SERVERS', representing a persistent modification of the user's environment.
Audit Metadata