magicpath
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx -y magicpath-aito download and run the vendor's CLI tool from the npm registry. This is the primary method for providing the skill's functionality and originates from a trusted package registry.\n- [COMMAND_EXECUTION]: The skill employs dynamic context injection inSKILL.mdby executing a shell command (magicpath-ai info) at load time. This command retrieves authentication status and project metadata to populate the agent's context, which is a benign use of project discovery.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes external data (component source code and design theme instructions) that could contain malicious instructions.\n - Ingestion points: External data is ingested in
SKILL.mdvia theinspect,get-theme, andcode contextcommands.\n - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the content fetched from the MagicPath platform.\n
- Capability inventory: The skill utilizes the
Bashtool and has the ability to write to the local file system (documented inSKILL.mdandreferences/cli-reference.md).\n - Sanitization: No explicit sanitization of the remote source code or theme prompts is mentioned before they are processed by the agent.
Audit Metadata