skills/zpankz/mcp-skillset/schema/Gen Agent Trust Hub

schema

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Persistence Mechanisms (MEDIUM): The install.sh script modifies ~/.zshrc or ~/.bashrc to permanently export a new PATH including ~/bin. Evidence: install.sh lines 61-68.
  • Privilege Escalation (MEDIUM): The installation script creates an executable wrapper in ~/bin and changes its permissions with chmod +x. Evidence: install.sh lines 48-52.
  • External Downloads (LOW): The skill downloads the en_core_web_sm model using spaCy during installation. Evidence: install.sh line 44.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from various file formats, which could contain malicious instructions designed to influence the LLM enrichment layer.
      • Ingestion points: scripts/schema_cli.py loads file content.
      • Boundary markers: No delimiters or warnings are used for ingested content.
      • Capability inventory: Local file writing, template processing with Jinja2, and subprocess execution in the install script.
      • Sanitization: No escaping or validation is performed on the ingested data before template interpolation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:29 PM