mcp-to-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill parses external codebase files to extract tool definitions and descriptions, which could contain malicious instructions designed to influence the behavior of the generated skill package.
  - Ingestion points: scripts/analyze_mcp.py reads .ts, .py, package.json, and pyproject.toml files from a user-provided directory.
  - Boundary markers: The skill does not use specific delimiters or safety instructions when incorporating extracted text into the generated SKILL.md templates.
  - Capability inventory: The agent is instructed to create new file structures and write scripts based on the parsed data, potentially propagating any injected content.
  - Sanitization: Extracted strings are handled as raw data and are not validated or sanitized before being placed into new files.