execute-mule-run-config
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses absolute file paths of projects within the user's workspace.
- Evidence: The `get_workspace_info` tool is called to retrieve project metadata, which includes absolute paths (e.g., `/absolute/path`).
- Context: This data is used internally by the skill to correctly scope configuration listing and execution via the `manage_run_configuration` tool.
- [COMMAND_EXECUTION]: The skill is designed to trigger the execution of Mule applications.
- Evidence: It uses the `manage_run_configuration` tool with the `execute` operation to start processes in run or debug mode.
- Context: This functionality is the primary intended use case for the skill provided by the developer tooling.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of untrusted project or configuration names.
- Ingestion points: User-provided project names, configuration names, and workspace metadata retrieved from the environment.
- Boundary markers: None present; the agent is instructed to use names directly from the workspace or user input.
- Capability inventory: Listing projects, creating configurations, and executing run/debug processes.
- Sanitization: No specific sanitization or validation of project/configuration names is mentioned before they are passed to tool parameters.
Audit Metadata