sunpeak-mcp-inspect

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to automatically discover and execute shell commands defined in local project manifests (e.g., npm run dev:inspect or dev:stop found in package.json). This is a core functionality for developer tooling but involves executing scripts that may be defined in external codebases.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading untrusted data from local repository files to guide its logic.
      • Ingestion points: The skill reads package.json, README.md, and other local documentation files to discover startup paths and configuration.
      • Boundary markers: Absent; the instructions do not specify the use of delimiters or isolation protocols when interpreting data from these external files.
      • Capability inventory: The skill possesses the ability to execute local subprocesses, perform HTTP polling, and use browser or computer control primitives.
      • Sanitization: Absent; there is no explicit instruction to validate or sanitize the commands or URLs discovered within the project artifacts before use.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 08:50 PM