setup
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'agentation-mcp' package via npm during the optional integrations phase (Phase 10).
- [COMMAND_EXECUTION]: The wizard uses shell commands for environment detection, such as checking the Claude version and counting file lines, and executes a local script ('generate-http-hooks.ts') to configure webhooks.
- [PROMPT_INJECTION]: The skill processes project manifest files (e.g., 'package.json', 'pyproject.toml') during the scan phase (Phase 1) to recommend skills. This creates an indirect prompt injection surface as these files are part of the untrusted project codebase. Evidence: Ingestion occurs in 'scan-phase.md' using 'Read' and 'Glob' tools; Capability inventory includes 'Bash' and 'npm install'; No sanitization or boundary markers are specified for the ingested content.
- [DATA_EXFILTRATION]: The skill facilitates the setup of a telemetry system that sends session events to an external webhook URL. This is mitigated by a mandatory consent gate (Phase 9) that explains the data collection and requires the user to provide or confirm the destination URL.
Audit Metadata