mcp-app-builder
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses a user-managed file (SPEC.md) to define application requirements. This establishes a surface for indirect prompt injection attacks, where malicious content in the specification could influence the AI agent's behavior.
- Ingestion points: SPEC.md (referenced in SKILL.md)
- Boundary markers: None identified in the provided instructions; the agent is directed to use the file as a primary source of truth.
- Capability inventory: Workflow steps such as 'Run locally' and 'Deploy' indicate that the agent may perform sensitive actions like command execution and network operations based on the specification.
- Sanitization: There are no instructions for validating or escaping the content of the SPEC.md file.
Audit Metadata