matlab-write-help
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include a process for resolving file paths by constructing a MATLAB command string (
foundName = which("$file")) and executing it via themcp__matlab__evaluate_matlab_codetool. This dynamic assembly of commands from user-supplied arguments is a potential injection vector if the input is not sanitized. - [PROMPT_INJECTION]: As the skill is designed to read, analyze, and edit user-provided
.mfiles, it possesses an inherent surface for indirect prompt injection. Malicious instructions placed inside comments or code in the processed files could potentially attempt to influence the agent's behavior. - Ingestion points: File content is read into context during the analysis phase (Step 2 of the Process in SKILL.md).
- Boundary markers: None; content is processed directly to identify function signatures and behavior.
- Capability inventory: The skill is authorized to use
Read(*),Edit(*),Bash(matlab *), andmcp__matlab__evaluate_matlab_code(*)tools. - Sanitization: No specific sanitization or filtering of the file content is performed prior to processing.
Audit Metadata