mcp-apps
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill documents an indirect prompt injection surface inherent to rendering external tool data in a UI. It effectively mitigates this risk by providing clear instructions and code snippets for XSS prevention and strict Content Security Policy (CSP) enforcement.
- Data Exposure & Exfiltration (SAFE): The debugging and logging patterns provided are limited to local temporary files and do not involve unauthorized network transmission or sensitive credential exposure.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references official and trusted documentation sources (Model Context Protocol) and does not contain patterns for downloading or executing untrusted remote code.