mcp-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's primary function is to ingest untrusted data from the open web and external documentation tools, creating an attack surface for instructions embedded in processed data.
  - Ingestion points: Technical data is retrieved via tools such as mcp__exa__web_search_exa, mcp__jina__search_web, and mcp__jina__read_url as described in SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters defined to separate retrieved content from system instructions or to warn the agent about embedded commands.
  - Capability inventory: The skill is intended to support 'third-party integration work' and 'framework-specific debugging,' which typically involves the agent writing or modifying code based on the retrieved information.
  - Sanitization: No sanitization or validation steps are defined for the retrieved data before it is synthesized for the user.
- [NO_CODE] (SAFE): The skill consists entirely of markdown instructions and metadata with no executable scripts or dependency files included in the provided package.