mcp-attribution-worktree

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes data from a local API (http://127.0.0.1:5174/api/attributions) to drive decision-making and automated code repairs, which represents a potential surface for indirect prompt injection.
      • Ingestion points: Issue details, notes, and run traces are fetched from the local report API as described in references/report-api-workflow.md.
      • Boundary markers: The instructions do not define specific delimiters or instructions to ignore potential commands embedded within the API data.
      • Capability inventory: The skill has extensive capabilities, including repository modification via wt (Worktrunk), issue/PR management via gh (GitHub CLI), and network operations via curl to update the local API.
      • Sanitization: No explicit sanitization or validation rules are defined for the data retrieved from the local API before it is used in command arguments (e.g., branch slugs) or code modifications.
  • [COMMAND_EXECUTION]: The skill relies on standard development CLI tools (gh and wt) to perform its tasks. These operations are scoped to the TencentCloudBase/CloudBase-MCP repository and isolated worktrees, which is consistent with the skill's stated purpose as a maintenance tool for the author's own project.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 04:57 PM