grounding-router

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The SKILL.md and references/composition-patterns.md files define shell command templates for several integrations (e.g., limitless, pdf-search, research, screenapp) using string interpolation for variables like {topic}, {tags}, and {id}. If the AI agent populates these variables with untrusted input and executes them in a shell, it could lead to arbitrary command execution.
  • [COMMAND_EXECUTION] (LOW): The scripts/preflight.py script employs asyncio.create_subprocess_shell to check the status of required CLIs. While the commands in the script are currently hardcoded, the use of shell-mediated execution is a less secure practice than direct process spawning.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on a wide array of specialized external CLI tools (limitless, research, pieces, pdf-search, pdf-brain, pex, screenapp). These are unverifiable dependencies that the skill's instructions require to be pre-installed and available for execution on the host environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:28 PM