setup-mcp-server

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • NO_CODE (SAFE): The skill is entirely instructional and does not contain any executable code, shell scripts, or tool definitions for the agent to run locally.
  • PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill describes the implementation of tools like get_page_content and search_pages that ingest untrusted data from websites. Mandatory Evidence Chain:
      1. Ingestion points: Website content retrieved via search_pages and get_page_content tools.
      2. Boundary markers: No markers or 'ignore' instructions are provided in the documentation.
      3. Capability inventory: Site metadata retrieval, content searching, and full-page content reading.
      4. Sanitization: No sanitization or validation methods are described for the external content.
  • EXTERNAL_DOWNLOADS (SAFE): The skill documentation references a third-party script (https://cdn.inlay.dev/embed.js) and an audit API (https://www.inlay.dev/api/audit), but these are for the user to implement on their own infrastructure and are not executed by the agent.
  • DATA_EXPOSURE (SAFE): The skill uses placeholders such as YOUR_SITE_ID and YOUR_SITE_SLUG and contains no hardcoded credentials or sensitive secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:41 AM