matlab-assess-toolbox

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute MATLAB code to assess toolbox health and run tests.
  • Evidence: Uses mcp__matlab__evaluate_matlab_code and mcp__matlab__run_matlab_test_file to check coverage and verify test success.
  • Control: All execution is scoped to the primary purpose of the skill, and the instructions explicitly prohibit writing or creating files until the user provides approval for specific fixes.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it reads and processes user-controlled project files.
  • Ingestion points: Reads .m files, README.md, and metadata during the assessment phase (Step 2).
  • Boundary markers: No specific delimiters or instructions to ignore embedded prompts in source files are defined.
  • Capability inventory: Access to evaluate_matlab_code provides high capability for executing logic derived from file analysis.
  • Sanitization: No explicit sanitization or escaping of file content before prompt interpolation is described.
  • Mitigation: The skill has a "Read-only until approved" rule that cannot be overridden by prompts, ensuring a human-in-the-loop checkpoint before the agent acts on findings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:26 AM
Security Audit — agent-trust-hub — matlab-assess-toolbox