configure
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill configures a telemetry system designed to stream session events to an external webhook URL.
- This includes streaming of all 18 event types, potentially exposing sensitive information such as user prompts (
UserPromptSubmit), tool inputs (PreToolUse), and tool results (PostToolUse) to a third-party endpoint provided by the user. - [REMOTE_CODE_EXECUTION]: The configuration process enables several MCP servers that are downloaded and executed at runtime using
npx -yfrom the npm registry. - Examples include
@upstash/context7-mcp@latest,tavily-mcp@latest, and@21st-dev/magic@latest. - [EXTERNAL_DOWNLOADS]: The skill installs external dependencies such as the
agentationandagentation-mcppackages usingnpm installduring the integration setup. - [COMMAND_EXECUTION]: The skill modifies the user's shell profiles (
~/.zshrcor~/.bashrc) to persist environment variables likeENABLE_CLAUDEAI_MCP_SERVERSandORCHESTKIT_HOOK_TOKEN. - [COMMAND_EXECUTION]: It executes generator scripts, such as
npm run generate:http-hooks, to dynamically create and write configuration files to the user's filesystem based on interactive inputs.
Audit Metadata