connect

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to run a local Python script using user-supplied input as a command-line argument.
  • Evidence: The process steps 1 and 2 instruct the agent to: Execute python3 scripts/connector-status.py --action setup-guide --name <connector> and Execute python3 scripts/connector-status.py --action check --name <connector>.
  • Context: The <connector> placeholder is populated with user input. If the agent does not sanitize this input, a malicious user could provide strings containing shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill guides users to configure 'npx' connectors, which involve runtime code execution from external registries.
  • Evidence: The 'Process' section describes setup paths for npx connectors like Google Ads, Meta, and Salesforce, including adding entries to .mcp.json that use npx.
  • Context: While standard for Model Context Protocol (MCP) servers, npx downloads and executes packages from the npm registry at runtime, which introduces a dependency on the integrity of the remote packages.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 01:58 PM