mcp-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The stdio-server.json file uses npx to download and execute the @modelcontextprotocol/server-filesystem package. While this is a standard tool, it involves fetching code from a remote registry at runtime.
- COMMAND_EXECUTION (LOW): The skill defines several local command execution patterns, including npx, python, and direct script paths. These are essential for stdio-based MCP servers but represent a local execution surface.
- PROMPT_INJECTION (LOW): The configuration enables filesystem and database access, which creates a surface for indirect prompt injection. If the agent processes files or database content containing malicious instructions, it may act on them. Evidence:
  1. Ingestion points: local filesystem and database.
  2. Boundary markers: none specified.
  3. Capability inventory: file system access, database queries, and command execution.
  4. Sanitization: none specified.
- SAFE (INFO): The configurations consistently use environment variable placeholders (e.g., ${API_TOKEN}, ${DATABASE_URL}) for all sensitive credentials, preventing accidental exposure of secrets in the skill itself.
Audit Metadata