Skills
skills/vibeeval/vibecosystem/mcp-chaining/Gen Agent Trust Hub

mcp-chaining

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture is designed to chain outputs from documentation search and code analysis tools into subsequent pipeline steps, creating a surface for indirect prompt injection.
  • Ingestion points: Output from tools such as nia__search, ast-grep__find_code, and morph__warpgrep_codebase_search in the pipeline scripts.
  • Boundary markers: No explicit boundary markers or delimiters for tool outputs were identified in the documented patterns.
  • Capability inventory: The skill utilizes Bash and Read tools, along with MCP capabilities for codebase editing and git status monitoring.
  • Sanitization: No explicit sanitization or validation of external search results is shown before they are aggregated into the pipeline context.
  • [CREDENTIALS_UNSAFE]: The skill documentation describes a modification to the MCP client that passes the entire host environment (os.environ) to subprocesses. This is intended to ensure tools have access to necessary API keys but increases the scope of credential exposure to any MCP tool executed by the client.
  • [COMMAND_EXECUTION]: The skill instructions demonstrate executing Python automation scripts and testing harnesses using the uv package manager within a shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — mcp-chaining