matlab-write-help

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include a process for resolving file paths by constructing a MATLAB command string (foundName = which("$file")) and executing it via the mcp__matlab__evaluate_matlab_code tool. This dynamic assembly of commands from user-supplied arguments is a potential injection vector if the input is not sanitized.
  • [PROMPT_INJECTION]: Because the skill is designed to read, analyze, and edit user-provided .m files, it has an inherent surface for indirect prompt injection. Malicious instructions placed inside comments or code in the processed files could attempt to influence the agent's behavior.
      ◦ Ingestion points: File content is read into context during the analysis phase (Step 2 of the Process in SKILL.md).
      ◦ Boundary markers: None; content is processed directly to identify function signatures and behavior.
      ◦ Capability inventory: The skill is authorized to use Read(*), Edit(*), Bash(matlab *), and mcp__matlab__evaluate_matlab_code(*) tools.
      ◦ Sanitization: No specific sanitization or filtering of the file content is performed prior to processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 11:14 AM