{"feedVersion":"1.0","generatedAt":"2026-06-03T23:12:00.084Z","description":"SkillAudit Threat Intelligence Feed — real-time security findings from AI skill scans","totalScansProcessed":874,"recentThreats":{"count":20,"severityBreakdown":{"critical":12,"high":7,"medium":1,"low":0},"uniqueDomains":3,"items":[{"scanId":"496383470d05","source":"https://mcp.run","domain":"mcp.run","ruleId":"THREAT_CHAIN_SESSION_HIJACKING","severity":"critical","category":"data_theft","name":"Threat Chain: SESSION_HIJACKING","description":"Can access browser data AND make requests - session/credential theft","line":9,"detectedAt":"2026-05-31T19:36:34.247Z"},{"scanId":"496383470d05","source":"https://mcp.run","domain":"mcp.run","ruleId":"THREAT_CHAIN_DATA_EXFILTRATION","severity":"critical","category":"data_theft","name":"Threat Chain: DATA_EXFILTRATION","description":"Can access credentials AND send network requests - potential for data theft","line":116,"detectedAt":"2026-05-31T19:36:34.247Z"},{"scanId":"496383470d05","source":"https://mcp.run","domain":"mcp.run","ruleId":"SHELL_EXEC","severity":"medium","category":"code_execution","name":"Shell command execution","description":"Skill executes shell commands that could be dangerous","line":109,"detectedAt":"2026-05-31T19:36:34.247Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":437,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"A2A_DATA_LEAK","severity":"high","category":"data_exfiltration","name":"A2A inter-agent data leakage","description":"Skill exfiltrates data by embedding sensitive information in A2A task artifacts, messages, or metadata sent to external agents","line":52,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":421,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":431,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":422,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"A2A_CROSS_AGENT_INJECT","severity":"critical","category":"agent_manipulation","name":"Cross-agent prompt injection via A2A","description":"Skill injects instructions or manipulative content into messages sent between agents through A2A protocol, poisoning the inter-agent communication channel","line":52,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"A2A_TASK_HIJACK","severity":"critical","category":"agent_manipulation","name":"A2A task hijacking / redirection","description":"Skill intercepts, redirects, or modifies tasks intended for other agents — hijacking the A2A task delegation flow","line":52,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"CROSS_TOOL_ACCESS","severity":"high","category":"agent_manipulation","name":"Cross-tool data access","description":"Skill attempts to access data or state belonging to other tools, or reads agent conversation history to extract sensitive information","line":52,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"CRYPTO_THEFT","severity":"critical","category":"crypto_theft","name":"Cryptocurrency wallet theft","description":"Skill attempts to access crypto wallets or seed phrases","line":1132,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"47f257fdf38d","source":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":407,"detectedAt":"2026-05-31T19:34:25.299Z"},{"scanId":"186843c6597c","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/everything/AGENTS.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":38,"detectedAt":"2026-05-31T19:34:03.607Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"THREAT_CHAIN_SYSTEM_COMPROMISE","severity":"critical","category":"persistence","name":"Threat Chain: SYSTEM_COMPROMISE","description":"Can modify system AND escalate privileges - full system compromise","line":37,"detectedAt":"2026-05-31T19:34:03.511Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":205,"detectedAt":"2026-05-31T19:34:03.511Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":203,"detectedAt":"2026-05-31T19:34:03.511Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":202,"detectedAt":"2026-05-31T19:34:03.511Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":201,"detectedAt":"2026-05-31T19:34:03.511Z"},{"scanId":"0eaed0f6797e","source":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","domain":"raw.githubusercontent.com","ruleId":"CMD_INJECTION","severity":"critical","category":"code_execution","name":"Command injection","description":"Skill constructs shell commands from dynamic input using dangerous concatenation or template patterns — enables arbitrary command execution via ; | && `` $() injection","line":200,"detectedAt":"2026-05-31T19:34:03.511Z"}]},"flaggedDomains":{"count":10,"items":[{"domain":"mcp.run","riskLevel":"moderate","riskScore":24,"url":"https://mcp.run","flaggedAt":"2026-05-31T19:36:34.248Z"},{"domain":"github.com","riskLevel":"critical","riskScore":176,"url":"https://github.com/modelcontextprotocol/servers/blob/main/src/filesystem/README.md","flaggedAt":"2026-05-31T19:34:25.302Z"},{"domain":"raw.githubusercontent.com","riskLevel":"moderate","riskScore":10,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/everything/AGENTS.md","flaggedAt":"2026-05-31T19:34:03.608Z"},{"domain":"raw.githubusercontent.com","riskLevel":"critical","riskScore":70,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","flaggedAt":"2026-05-31T19:34:03.516Z"},{"domain":"raw.githubusercontent.com","riskLevel":"high","riskScore":30,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/sequentialthinking/README.md","flaggedAt":"2026-05-31T19:34:03.221Z"},{"domain":"raw.githubusercontent.com","riskLevel":"moderate","riskScore":10,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/time/README.md","flaggedAt":"2026-05-31T19:34:03.179Z"},{"domain":"raw.githubusercontent.com","riskLevel":"moderate","riskScore":10,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/git/README.md","flaggedAt":"2026-05-31T19:34:03.131Z"},{"domain":"raw.githubusercontent.com","riskLevel":"critical","riskScore":70,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/filesystem/README.md","flaggedAt":"2026-05-31T16:41:40.513Z"},{"domain":"raw.githubusercontent.com","riskLevel":"high","riskScore":30,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/sequentialthinking/README.md","flaggedAt":"2026-05-31T16:39:02.120Z"},{"domain":"raw.githubusercontent.com","riskLevel":"moderate","riskScore":10,"url":"https://raw.githubusercontent.com/modelcontextprotocol/servers/main/src/time/README.md","flaggedAt":"2026-05-31T16:39:02.053Z"}]},"trendingRules":{"count":10,"description":"Most frequently triggered detection rules across all scans","items":[{"ruleId":"CMD_INJECTION","hitCount":649},{"ruleId":"SSRF_ADVANCED","hitCount":374},{"ruleId":"CROSS_TOOL_ACCESS","hitCount":170},{"ruleId":"A2A_DATA_LEAK","hitCount":138},{"ruleId":"A2A_CROSS_AGENT_INJECT","hitCount":130},{"ruleId":"CRYPTO_THEFT","hitCount":119},{"ruleId":"A2A_TASK_HIJACK","hitCount":111},{"ruleId":"SHELL_EXEC","hitCount":111},{"ruleId":"REVERSE_SHELL","hitCount":91},{"ruleId":"SSRF_PATTERN","hitCount":78}]},"subscribe":{"polling":"GET /feed?severity=high&limit=50 — poll for updates","since":"GET /feed/since?ts=<unix_ms> — get threats after a timestamp","webhook":"POST /scan/url with callback parameter for per-scan notifications"}}