mcp-attribution-worktree
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from a local API (`http://127.0.0.1:5174/api/attributions`) to drive decision-making and automated code repairs, which represents a potential surface for indirect prompt injection.
  - Ingestion points: Issue details, notes, and run traces are fetched from the local report API as described in `references/report-api-workflow.md`.
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore potential commands embedded within the API data.
  - Capability inventory: The skill has extensive capabilities including repository modification via `wt` (Worktrunk), issue/PR management via `gh` (GitHub CLI), and network operations via `curl` to update the local API.
  - Sanitization: No explicit sanitization or validation rules are defined for the data retrieved from the local API before it is used in command arguments (e.g., branch slugs) or code modifications.
- [COMMAND_EXECUTION]: The skill relies on standard development CLI tools (`gh` and `wt`) to perform its tasks. These operations are scoped to the `TencentCloudBase/CloudBase-MCP` repository and isolated worktrees, which is consistent with the skill's stated purpose as a maintenance tool for the author's own project.
Audit Metadata