mcp-detector

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The skill instructs the agent to execute a Python script with user input passed as a command-line argument (python scripts/detect_mcp.py "user query content"). This is a potential command-injection risk if the agent's execution environment interpolates the query into a shell command string without escaping shell metacharacters (such as ;, & or |) contained in it; passing the query as a separate argv element with no shell avoids the problem.
  • [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by processing untrusted data that influences tool selection.
  • Ingestion points: User queries are ingested via sys.stdin or sys.argv in scripts/detect_mcp.py.
  • Boundary markers: None. The script processes raw strings without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The script produces JSON recommendations that guide the agent's decision on which MCP tools (like web_search or grep_app) to invoke next.
  • Sanitization: The script performs minimal cleaning by removing markdown code blocks, but does not validate or sanitize input to prevent users from intentionally triggering specific tool recommendations via keyword stuffing.
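The two findings above, worked as an added example that is not code from the mcp-detector skill or from the Gen Agent Trust Hub audit (scripts/detect_mcp.py's source is not reproduced on this page). TOOL_KEYWORDS, recommend_tool(), strip_code_blocks() and the sample queries are constructed stand-ins for the script's recommendation logic. The first half shows how a query leaks out of its argument when it is interpolated into a shell string, and why shlex.quote or an argv list keeps it contained; the second half shows that removing markdown code blocks does nothing against keyword stuffing placed in plain text.

```python
"""Added illustration for the mcp-detector audit findings.

Not the skill's own scripts/detect_mcp.py; the recommendation table and
sample queries below are constructed assumptions for the demonstration.
"""
import shlex
import subprocess
import sys
from collections import Counter

# --- Command Execution finding -------------------------------------------

def unsafe_shell_command(query: str) -> str:
    """Risky pattern: the raw query is interpolated into a shell string."""
    return f'python scripts/detect_mcp.py "{query}"'

def safe_shell_command(query: str) -> str:
    """shlex.quote keeps the whole query inside one shell argument."""
    return f"python scripts/detect_mcp.py {shlex.quote(query)}"

def safe_argv(query: str) -> list[str]:
    """Preferred: build argv directly and run it with shell=False."""
    return [sys.executable, "scripts/detect_mcp.py", query]

def run_detector(query: str) -> str:
    """How an agent should invoke the script: no shell is involved, so any
    metacharacters in `query` reach sys.argv[1] as literal text.
    (Not called here: scripts/detect_mcp.py is not part of this example.)"""
    result = subprocess.run(safe_argv(query), capture_output=True, text=True, check=True)
    return result.stdout

def shell_tokens(cmd: str) -> list[str]:
    """Tokenize roughly like a POSIX shell. With punctuation_chars=True the
    characters ();<>|& become separate tokens, so ';' appears on its own
    only when it escaped the quoting around the query."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

# Constructed hostile query: closes the double quote, then chains a command.
INJECTED_QUERY = 'x"; echo pwned; echo "y'

# --- Indirect Prompt Injection finding ------------------------------------

# Constructed stand-in for the script's keyword-to-tool table (assumption).
TOOL_KEYWORDS = {
    "web_search": {"latest", "news", "search", "website", "url"},
    "grep_app": {"code", "function", "repo", "github", "regex"},
}

def strip_code_blocks(text: str) -> str:
    """The 'minimal cleaning' the audit describes: drop fenced ``` blocks."""
    kept, inside = [], False
    for line in text.splitlines():
        if line.strip().startswith("```"):
            inside = not inside
            continue
        if not inside:
            kept.append(line)
    return "\n".join(kept)

def recommend_tool(query: str) -> str:
    """Return the tool whose keywords occur most often; 'none' on a tie or
    no hit. Frequency-based scoring is exactly what keyword stuffing exploits."""
    words = Counter(strip_code_blocks(query).lower().split())
    scores = {tool: sum(words[k] for k in kws) for tool, kws in TOOL_KEYWORDS.items()}
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    if ranked[0][1] == 0 or (len(ranked) > 1 and ranked[0][1] == ranked[1][1]):
        return "none"
    return ranked[0][0]

# Constructed queries: a benign one, then the same query stuffed with
# web_search keywords in plain text and inside a fenced code block.
BENIGN_QUERY = "find the add function in the github repo"
STUFFED_QUERY = BENIGN_QUERY + " search search search search latest news"
STUFFED_IN_CODE_BLOCK = BENIGN_QUERY + "\n```\nsearch search search search latest news\n```"

if __name__ == "__main__":
    print(shell_tokens(unsafe_shell_command(INJECTED_QUERY)))  # ';' is a separate token
    print(shell_tokens(safe_shell_command(INJECTED_QUERY)))    # query stays one argument
    for q in (BENIGN_QUERY, STUFFED_QUERY, STUFFED_IN_CODE_BLOCK):
        print(recommend_tool(q))
```

The stuffed query in plain text flips the recommendation from grep_app to web_search, while the same words inside a code block are stripped and have no effect, which is the gap the Sanitization point describes: the cleaning targets formatting, not the keyword frequencies that drive tool choice.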
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 05:42 AM