do-shared

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [SAFE]: The skill contains no executable scripts or binary files; it serves exclusively as technical documentation and a procedural guide for the agent.
  • [COMMAND_EXECUTION]: The discovery procedure in do-mcp-discovery-instructions.md instructs the agent to dynamically assemble and call tool names based on the server names found in project configuration files (e.g., mcp__<server-name>__). While this is standard MCP behavior, it involves dynamic tool selection driven by external input.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing project-specific configuration data at runtime.
      • Ingestion points: .mcp.json, .vscode/mcp.json, and .cursor/mcp.json (referenced in do-mcp-discovery-instructions.md).
      • Boundary markers: Absent; the instructions provide no delimiters that isolate the configuration data from the agent's logic.
      • Capability inventory: Includes capabilities for web automation (Playwright), messaging systems (RabbitMQ), and dynamic tool invocation, as defined in do-mcp-capabilities.md.
      • Sanitization: Absent; no validation or sanitization steps are defined for the configuration data ingested from the environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 02:50 AM
Security Audit — agent-trust-hub — do-shared