matlab-agentic-toolkit-setup
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the MATLAB MCP server binary and checks for updates using official GitHub repositories and APIs.
- [REMOTE_CODE_EXECUTION]: Downloads an executable from a trusted repository, sets execution permissions, and runs it to verify installation.
- [COMMAND_EXECUTION]: Uses shell commands and internal scripts to identify system state, manage local configuration files, and register the toolkit with agent CLI tools.
- [PROMPT_INJECTION]: The skill processes external system data such as MATLAB version info and agent config files, presenting a surface for indirect prompt injection.
  - Ingestion points: MATLAB VersionInfo.xml (Phase 1c), agent configuration files (Phase 1e, Phase 3b).
  - Boundary markers: Absent when presenting discovered information or executing commands.
  - Capability inventory: curl, chmod, mv, rm, binary execution, and configuration file writes (SKILL.md, scripts/install-global-skills.sh).
  - Sanitization: Uses standard JSON and TOML parsing for configuration files but lacks explicit sanitization of discovered text data.
Audit Metadata