Skills
skills/coinmarketcap-official/skills-for-ai-agents-by-coinmarketcap/cmc-mcp/Gen Agent Trust Hub

cmc-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requests the user to provide their own API key via an MCP configuration header. It does not contain any hardcoded secrets and correctly directs users to the official vendor domain (pro.coinmarketcap.com) for credential management.
  • [INDIRECT_PROMPT_INJECTION]: The skill acts as a data ingestion surface for external content such as news and project descriptions.
  • Ingestion points: External data is fetched via tools like get_crypto_latest_news, get_crypto_info, and search_crypto_info.
  • Boundary markers: No explicit delimiters are used in the prompt instructions to isolate external data from instructions.
  • Capability inventory: The skill is limited to making further MCP tool calls; it contains no scripts or tools with capabilities for file system access, subprocess spawning, or network exfiltration.
  • Sanitization: No sanitization or validation of the fetched external content is performed before presentation to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 06:15 AM