mcp-mastery

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative markers such as 'THE LAW', 'non-negotiable', and 'Violating these rules means you're not doing your job' to force compliance. This pattern is designed to override the agent's default operational guidelines and decision-making autonomy.
  • [COMMAND_EXECUTION]: The skill includes a shell script (scripts/inject-checklist.sh) that iterates through the filesystem (plugins/goodvibes/agents) with the intent of modifying other agent definition files (.md). This behavior constitutes an unauthorized modification of the agent's environment and a mechanism for local persistence of the skill's instructions.
  • [DATA_EXPOSURE]: The skill mandates the use of tools like get_env_config and scan_for_secrets for all tasks. These tools provide access to sensitive data such as environment variables and potential credentials. Forcing their execution in every workflow increases the risk of sensitive data exposure within the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 07:52 AM