world-cup

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes an installation option that downloads a shell script from the author's GitHub repository and pipes it directly to the bash shell for execution: curl -fsSL https://raw.githubusercontent.com/machina-sports/machina-cli/main/install.sh | bash. This is a vendor-owned resource used for legitimate installation.
  • [EXTERNAL_DOWNLOADS]: Provides instructions to download and install the machina-cli package from the Python Package Index using pip install machina-cli.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute several local shell commands to manage authentication and project configuration, such as machina login, machina project use, and machina auth whoami.
  • [PROMPT_INJECTION]: The skill functions by ingesting external data from a hosted MCP server (fixtures, market prices, and social sentiment), creating a surface for potential indirect prompt injection.
      • Ingestion points: Data returned by tools like worldcup-search-markets and worldcup-fan-sentiment-context (as described in SKILL.md).
      • Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands in the tool outputs.
      • Capability inventory: The skill interacts with the local system via machina-cli subprocess calls.
      • Sanitization: There is no documentation of sanitization or validation performed on the external data before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 07:42 PM