mthds-share
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `mthds-agent` CLI to verify its version and to generate sharing URLs for various social media platforms. It also utilizes system commands (`open`, `xdg-open`, or `start`) to launch the generated URLs in the user's web browser.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions for the user to manually install or update the `mthds` package via the NPM registry if the local version is missing or outdated. This package is the primary tool required for the skill's functionality and is provided by the same vendor.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of repository addresses and URLs returned by the CLI.
  - Ingestion points: Untrusted data enters via the repository address input and the sharing URLs provided by the CLI (SKILL.md).
  - Boundary markers: The URLs are wrapped in double quotes when passed to the browser-opening commands to mitigate shell injection (SKILL.md).
  - Capability inventory: The skill has the capability to execute shell commands (`mthds-agent`, `open`, `xdg-open`, `start`) across multiple steps (SKILL.md).
  - Sanitization: There is no explicit input validation or filtering beyond the use of double quotes for URL execution (SKILL.md).