miriad-core

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions for the agent to use sudo to modify system configuration files and install software within sandbox environments, such as removing repository source lists or installing the GitHub CLI.
  • [REMOTE_CODE_EXECUTION]: The execute tool allows for the dynamic orchestration of tool calls using JavaScript. The skill also describes using mcpcli from the vendor's repository to run stdio MCP servers within sandboxes.
  • [EXTERNAL_DOWNLOADS]: The skill guides the agent to install tools such as agent-browser from Vercel Labs and third-party packages like fal-mcp-server from public registries.
  • [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection due to its web fetching and data processing capabilities. (1) Ingestion: web_fetch, agent-browser, and dataset_query. (2) Boundaries: Delimiters or 'ignore embedded instructions' warnings are absent in the prompt examples. (3) Capability Inventory: includes subprocess calls (sandbox_exec), file-write operations, and network requests. (4) Sanitization: Redaction of secrets is mentioned, but general content sanitization is absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 12, 2026, 04:37 AM