mcp-query-playbook
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes examples of using a command-line tool
rwto configure a gateway URL and execute various financial data queries (e.g.,rw setup,rw earnings). These are provided as setup and usage instructions for the research warehouse environment. - [PROMPT_INJECTION]: The defined workflows involve ingesting external data from sources like earnings calls and research reports, which creates an indirect prompt injection surface. Malicious instructions hidden in these external documents could potentially influence the agent's analysis or subsequent queries.
- Ingestion points: The skill processes external data via
get_earnings_call,get_research_reports, andsearch_semanticacross various playbooks. - Boundary markers: The playbook does not define explicit delimiters or 'ignore embedded instructions' warnings to prevent the agent from obeying instructions found within tool outputs.
- Capability inventory: The tools identified are limited to data retrieval; no capabilities for local file modification, arbitrary code execution, or outbound network exfiltration (beyond the configured gateway) are defined in the skill logic.
- Sanitization: No evidence of sanitization, filtering, or validation of the retrieved text content is present in the skill's instructions.
Audit Metadata