mcp-security

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [OBFUSCATION]: The file references/mcp-attack-payloads.md contains Base64 encoded instructions that, when decoded, direct the agent to exfiltrate .env files to an external server.
  • [OBFUSCATION]: The skill demonstrates hiding malicious instructions using ANSI escape sequences (\x1b[8m) to make text invisible in terminal outputs while remaining readable by AI models.
  • [OBFUSCATION]: Provides Python code and methodology for using zero-width Unicode characters (U+200B, etc.) and Unicode Tag characters to embed hidden instructions in tool descriptions.
  • [DATA_EXFILTRATION]: Payload examples specifically target highly sensitive files including ~/.ssh/id_rsa, ~/.env, and /etc/passwd, with instructions to send them to attacker.com domains.
  • [PROMPT_INJECTION]: Contains instructions designed to bypass agent constraints using high-priority delimiters such as <IMPORTANT>, <SYSTEM>, and [INST] within tool metadata.
  • [DATA_EXFILTRATION]: Describes 'Shadow Tool' attacks where a malicious MCP server's tool description hijacks the behavior of other trusted tools to redirect data (e.g., changing email recipients).
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 08:15 AM