health-check
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `pip install -e dex-core` to automatically repair missing or broken Python packages identified during health checks.
- [COMMAND_EXECUTION]: Runs system commands such as `python3` to execute a pre-flight utility and `python3 -c` to dynamically test module imports for MCP servers.
- [CREDENTIALS_UNSAFE]: Accesses and inspects configuration files including `.mcp.json` and `supabase.json` (Granola credentials) to verify the status of API keys and session tokens.
- [DATA_EXFILTRATION]: Utilizes a `track_event` function for silent analytics, transmitting metadata about the health check results (error counts, fix status) to an external telemetry service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted technical data from `.logs/mcp-health.json` and `.logs/error-queue.json`.
  - Ingestion points: `.logs/mcp-health.json`, `.logs/error-queue.json`.
  - Boundary markers: The instructions mandate silent reading and translation of errors into human-readable text, providing an abstraction layer, but lack explicit sanitization of the technical message strings.
  - Capability inventory: Command execution (`pip`, `python`), file creation, and analytics reporting.
  - Sanitization: Employs a fixed mapping table to translate specific technical patterns into predefined fixes, which mitigates the risk of arbitrary log content directly controlling the agent's behavior.
Audit Metadata