mcporter
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill instructs the user to install the `mcporter` package globally from the public NPM registry (`npm install -g mcporter`). This introduces an external dependency that is not from a pre-verified trusted source.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via the `mcporter` CLI to interact with servers and the `mkdir` command to create directories for newly generated skills.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves tool schemas from external MCP servers and uses that content to generate new `SKILL.md` files. This creates a vulnerability where a malicious MCP server could provide descriptions designed to inject instructions into the agent's persistent logic library.
  - Ingestion points: Data retrieved from external MCP servers via `mcporter list --schema` (as seen in SKILL.md).
  - Boundary markers: Absent. The schema content is interpolated directly into markdown templates without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The agent can write files to its own skills directory (`~/skills/`) and execute subprocesses via the `mcporter` command (documented in SKILL.md).
  - Sanitization: No sanitization or validation of the external schema data is performed before writing it to the file system.
- [DYNAMIC_EXECUTION]: The skill dynamically creates and writes new operational logic in the form of `SKILL.md` files based on templates and external data inputs retrieved at runtime.
Audit Metadata