magicpath

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y magicpath-ai to download and run the vendor's CLI tool from the npm registry. This is the primary method for providing the skill's functionality and originates from a trusted package registry.\n- [COMMAND_EXECUTION]: The skill employs dynamic context injection in SKILL.md by executing a shell command (magicpath-ai info) at load time. This command retrieves authentication status and project metadata to populate the agent's context, which is a benign use of project discovery.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes external data (component source code and design theme instructions) that could contain malicious instructions.\n
  • Ingestion points: External data is ingested in SKILL.md via the inspect, get-theme, and code context commands.\n
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the content fetched from the MagicPath platform.\n
  • Capability inventory: The skill utilizes the Bash tool and has the ability to write to the local file system (documented in SKILL.md and references/cli-reference.md).\n
  • Sanitization: No explicit sanitization of the remote source code or theme prompts is mentioned before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 04:01 PM
Security Audit — agent-trust-hub — magicpath