matlab-assess-toolbox
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute MATLAB code to assess toolbox health and run tests.
- Evidence: Uses mcp__matlab__evaluate_matlab_code and mcp__matlab__run_matlab_test_file to check coverage and verify test success.
- Control: All execution is scoped to the primary purpose of the skill, and the instructions explicitly prohibit writing or creating files until the user provides approval for specific fixes.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it reads and processes user-controlled project files.
- Ingestion points: Reads .m files, README.md, and metadata during the assessment phase (Step 2).
- Boundary markers: No specific delimiters or instructions to ignore embedded prompts in source files are defined.
- Capability inventory: Access to evaluate_matlab_code provides high capability for executing logic derived from file analysis.
- Sanitization: No explicit sanitization or escaping of file content before prompt interpolation is described.
- Mitigation: The skill has a "Read-only until approved" rule that cannot be overridden by prompts, ensuring a human-in-the-loop checkpoint before the agent acts on findings.
Audit Metadata