mcp-setup
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the GitHub MCP server image from the GitHub Container Registry (ghcr.io), a well-known service. It also directs users to documentation on Atlassian Confluence.
- [COMMAND_EXECUTION]: Executes a readiness check script (./global/scripts/check-github-mcp-readiness.sh) and utilizes Docker commands for environment setup and container management.
- [PROMPT_INJECTION]: The skill handles MCP server configurations, creating a surface for indirect prompt injection via structured data files.
- Ingestion points: Reads and writes MCP configuration JSON files (e.g., .cursor/mcp.json, .mcp.json) across various IDE and user paths.
- Boundary markers: Missing explicit delimiters or instructions to ignore embedded commands within the external configuration data.
- Capability inventory: The configuration allows for the execution of arbitrary tools and shell commands via Docker containers.
- Sanitization: No validation or sanitization of the JSON configuration content is performed.
Audit Metadata