Skills
skills/sirkirby/unifi-mcp/setup/Gen Agent Trust Hub

setup

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses powershell -ExecutionPolicy Bypass to run a configuration script on Windows systems, which bypasses local script execution policies.
  • [COMMAND_EXECUTION]: User-provided data (hostname, username, password) is interpolated directly into shell and PowerShell command strings. Without explicit sanitization instructions, this creates an attack surface for command injection if a user provides malicious input.
  • [CREDENTIALS_UNSAFE]: The skill passes administrative credentials, including local admin passwords and experimental API keys, as plaintext command-line arguments to scripts. Command-line arguments are typically visible to other users on the system via process monitoring tools and may be stored in shell history files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 29, 2026, 07:49 PM
Security Audit — agent-trust-hub — setup