Skills
skills/mthds-ai/skills/mthds-publish/Gen Agent Trust Hub

mthds-publish

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run the mthds-agent CLI to check its version and publish method packages. These commands are essential for the skill's primary function and involve the vendor's own command-line utility.
  • [EXTERNAL_DOWNLOADS]: The documentation advises users to install or update the mthds package via the npm registry. This is a standard procedure for maintaining the required CLI tool version and uses a well-known, trusted service.
  • [PROMPT_INJECTION]: The skill processes input such as GitHub repository addresses and local file paths, which presents a surface for indirect prompt injection. * Ingestion points: GitHub repository identifiers and local file paths in SKILL.md. * Boundary markers: No explicit delimiters or ignore-instructions are provided for the input parameters in the command templates. * Capability inventory: The skill executes CLI commands using mthds-agent as defined in SKILL.md. * Sanitization: The process relies on the validation logic within the mthds-agent CLI tool to handle and sanitize external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 10:18 PM