Skills
skills/duc01226/easyplatform/use-mcp/Gen Agent Trust Hub

use-mcp

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The instruction to use echo "$ARGUMENTS" | gemini ... creates a command injection vulnerability. If the $ARGUMENTS variable contains shell metacharacters (e.g., ;, &, |, `), it allows for the execution of arbitrary commands on the host system.
  • [COMMAND_EXECUTION]: The skill explicitly directs the agent to include the -y flag when calling the gemini CLI to "auto-approve tool execution." This pattern is dangerous as it suppresses user confirmation prompts, allowing the AI to perform potentially destructive or unauthorized actions without manual review.
  • [EXTERNAL_DOWNLOADS]: The skill references unverified external dependencies, specifically the mcp-management and mcp-builder skills. These represent a supply chain risk as their origin and contents are not defined within this skill's scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 10, 2026, 07:25 AM