create-mcp
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'chmod +x' to modify file permissions for generated shell scripts in the 'core/mcp/' directory, which allows for the execution of dynamically created content.
- [COMMAND_EXECUTION]: Instructs the user to modify the 'claude_desktop_config.json' system configuration file to register and execute the newly generated MCP server scripts.
- [REMOTE_CODE_EXECUTION]: Generates functional Python and Bash scripts based on user-provided descriptions and prompts the user to execute them (e.g., 'pip install', 'python script.py'). This pattern constitutes local code generation and execution.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted user input (service descriptions and use cases) and interpolating it directly into code templates and system documentation without explicit sanitization or boundary markers.
  - Ingestion points: Phase 1 and Phase 2 user responses describing the service and data.
  - Boundary markers: Absent.
  - Capability inventory: File system writes to 'core/mcp/', 'CLAUDE.md', and 'Dex_System_Guide.md'; shell script generation.
  - Sanitization: None specified for user-provided service names or use case strings.
Audit Metadata