mcp-advanced-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): In SKILL.md, the query_data tool example passes its sql parameter straight to app_ctx.db.query(sql). This promotes a highly insecure practice: if the sql string is influenced by an attacker, an agent could be manipulated into executing arbitrary database commands.
- PROMPT_INJECTION (HIGH): The Tool Composition patterns in SKILL.md and references/tool-composition.md facilitate data passing between tools in a pipeline. There are no provided mechanisms or instructions for sanitizing untrusted input, creating an indirect prompt injection surface where attacker-controlled data could influence sensitive downstream tools.
  Mandatory Evidence Chain (Category 8):
  1. Ingestion point: the sql argument in query_data (SKILL.md) and input_data in ComposedTool.execute.
  2. Boundary markers: none present.
  3. Capability inventory: database execution (db.query).
  4. Sanitization: none present.
Recommendations
- AI detected serious security threats