agentation
Warn
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/setup-agentation-mcp.shmodifies platform-specific configuration files in the user's home directory, including~/.claude/claude_desktop_config.json,~/.codex/config.toml,~/.gemini/settings.json, and~/.config/opencode/opencode.jsonto register the MCP server. - [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution by recommending the use of
npx -y agentation-mcp serverandnpx skills add benjitaylor/agentation -gto download and run code from unverified sources. - [EXTERNAL_DOWNLOADS]: Instructions include the installation of the
agentationpackage from the NPM registry. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes external UI feedback data (comments, element selectors) that the agent may interpret as instructions.
- Ingestion points: Data enters the context via UI annotation packets and the
agentation_watch_annotationstool as described inSKILL.mdandreferences/watch-loop-and-self-driving.md. - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions when processing feedback packets.
- Capability inventory: The skill possesses extensive capabilities including
Bash,Write, andReadtools, as defined in theSKILL.mdfrontmatter. - Sanitization: Absent; the skill lacks any described validation or sanitization logic for the content of processed annotations.
Audit Metadata