mcp
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to verify the presence of development tools on the local system.
- Evidence: Uses
command -vwithin a bash block inSKILL.mdto check foruvx,npx, andcccbinaries. - [EXTERNAL_DOWNLOADS]: The skill manages and recommends the installation of various tools from public package registries.
- Evidence: The
Pre-Configured MCP Stackandaddsections inSKILL.mdreference packages such ascodebase-memory-mcp,serena, and@playwright/mcpto be executed viauvxandnpx. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests data from local project files which could be manipulated to influence agent behavior.
- Ingestion points: Reads
.vscode/mcp.jsonandcontext/architecture.md(as described inSKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when reading these files.
- Capability inventory: The skill can execute shell commands (status check) and write to project configuration files (
.vscode/mcp.json,.github/copilot-instructions.md). - Sanitization: Content from project files is interpolated into the agent's context without explicit validation or escaping.
Audit Metadata