mcp-skill
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for utilizing the
mcporterutility to manage and call MCP servers on demand. This approach is described as a strategy to optimize resources in small containers by avoiding persistent background processes. - [COMMAND_EXECUTION]: The skill documents the use of shell commands to list servers and call tools via the
mcporterCLI. These operations are essential to the skill's primary function and include explicit instructions to avoid inspecting credential files. - [INDIRECT_PROMPT_INJECTION]: The skill incorporates tools like
web-search-primeandweb-readerwhich ingest content from external websites and search results. While this creates a surface for potential indirect prompt injection, it is the standard and intended behavior for web-enabled agent capabilities. - Ingestion points: External data enters the agent context through
web-reader.webReaderandweb-search-prime.web_search_primecalls inSKILL.md. - Boundary markers: None explicitly defined in the provided instruction set.
- Capability inventory: The agent has access to the shell to run
mcportercommands. - Sanitization: No specific sanitization or filtering logic is described for the content retrieved from remote URLs or search queries.
Audit Metadata