mcp-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The file `examples/stdio-server.json` configures the agent to execute local commands using `npx`, `python`, and direct script paths. This is the primary function of stdio MCP servers but requires strict control over the local environment.
- EXTERNAL_DOWNLOADS (LOW): The `filesystem` server entry uses `npx -y @modelcontextprotocol/server-filesystem`, which downloads and executes code from the npm registry at runtime. While the `@modelcontextprotocol` scope is generally associated with trusted Anthropic projects, dynamic execution of remote packages is a potential vector for supply chain attacks.
- PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection risk surface identified.
  - Ingestion points: `examples/stdio-server.json` (via `filesystem` access to `${CLAUDE_PROJECT_DIR}`).
  - Boundary markers: None provided in the JSON configuration files.
  - Capability inventory: Local command execution (`npx`, `python`), filesystem read/write, and HTTP/SSE network requests.
  - Sanitization: No sanitization or validation mechanisms are defined within these configuration examples.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were detected; all sensitive values (API tokens, database URLs) are referenced via environment variables (e.g., `${API_TOKEN}`).
Audit Metadata